> On Apr 17, 2018, at 11:27 PM, Salz, Rich wrote:
>
> So far, if there's no SNI then we shouldn't do TLS 1.3 (as a client). That
> seems easy to code.
That might be a sensible work-around, with a bit of care to make sure that the
user has not also disabled TLS 1.2 (i.e.
So far, if there's no SNI then we shouldn't do TLS 1.3 (as a client). That
seems easy to code.
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
In message on Tue, 17 Apr
2018 14:32:37 -0400, Viktor Dukhovni said:
openssl-users>
openssl-users>
openssl-users> > On Apr 17, 2018, at 2:15 PM, Richard Levitte
wrote:
openssl-users> >
Applications that have hitherto used TLS <= 1.2 have often not needed to use
SNI. The extension, though useful for virtual-hosting on the Web, was optional.
TLS 1.3 has raised the status of SNI from optional to "mandatory to implement".
What this means that is that implementations must support
On 17/04/18 23:36, Viktor Dukhovni wrote:
>
> Just wanted to check. The TLS 1.3 draft lists SNI as mandatory to implement,
> but is not mandatory to use. Clients should, but do not have to send SNI,
> and servers may require SNI, but can just use some default chain instead.
>
> Does
Just wanted to check. The TLS 1.3 draft lists SNI as mandatory to implement,
but is not mandatory to use. Clients should, but do not have to send SNI, and
servers may require SNI, but can just use some default chain instead.
Does OpenSSL's TLS 1.3 support mandate SNI in either the client or
> On Apr 17, 2018, at 2:15 PM, Richard Levitte wrote:
>
> Depends on what "the best thing you know to do" is. In my mind,
> simply refusing to run as before because the new kid in town didn't
> like the environment (for example a cert that's perfectly valid for
> TLSv1.2
In message <87d0yxq0m7@fifthhorseman.net> on Tue, 17 Apr 2018 09:05:52
-0700, Daniel Kahn Gillmor said:
dkg> On Mon 2018-04-16 08:22:59 +0200, Richard Levitte wrote:
dkg> > Generally speaking, I don't necesseraly agree. If the use of an API
dkg> > is perfectly valid
OpenSSL 1.1.1 pre release 5 done!
Repository is now unfrozen.
Thank you Matt for the review!
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
___
openssl-project mailing list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1 pre release 5 (beta)
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 5 has now
On Mon, Apr 16, 2018 at 06:06:33PM +0100, Matt Caswell wrote:
>
> As I say in the PR (marked as WIP) I am seeking feedback as to whether
> this is something we should pursue now (i.e. for 1.1.1) or later (post
> 1.1.1) or not at all.
A related question I have is, do we consider this security
On 17/04/18 06:06, Dr. Matthias St. Pierre wrote:
> Matt,
>
> I wasn't aware that I can register for coverity reports (which I just
> did). If no one else has done it yet, I can look into the three drbg
> issues mentioned in your mail.
Great! Thanks
Matt
>
> Matthias
>
> BTW: isn't beta
Hi,
just a reminder that we're scheduled to release openssl-1.1.1-pre5
today.
I'll do the release this time.
If someone could freeze the repo for me, I'd be grateful:
ssh openssl-...@git.openssl.org freeze openssl levitte
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
13 matches
Mail list logo