On Thu, Apr 19, 2018 at 07:16:04PM -0400, Viktor Dukhovni wrote: > > But not all the friction can be eliminated, and likely not > all providers can be persuaded to be more accommodating. > Which leaves us with some difficult judgement calls: > > * Restrict TLS 1.3 support to just applications compiled > against 1.1.1? A weak signal, but likely correlates at > least somewhat with the application being ready.
Applications get rebuild for all sort of reasons, I don't actually see this as a good signal at all. > * Determine whether the application is likely to be compatible > at runtime by looking at the provided configuration. Is SNI > enabled? Is the certificate chain weird enough to break with > TLS 1.3. Has the application turned off critical algorithms? > > * Do nothing, let the applications adapt or stick with older > libraries? I'm for keeping this as they are now. After the release some things might break. Applications will adapt. Kurt _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project