On 14/08/18 20:20, Matt Caswell wrote:
> Hi
>
> Back in 2007 Nokia started developing a CMP client based on OpenSSL that
> is currently in use in LTE infrastructure components. Siemens joined in
> the project some years ago to extend and utilize the code for further
> industrial use cases. We a
> On Aug 15, 2018, at 11:50 AM, Matt Caswell wrote:
>>
>> I think this counts as a regression, the client should notice that
>> it implicitly disabled TLS 1.3, and therefore not react to the
>> server's version sentinel by aborting the connection. Thoughts?
>>
>
> Hmm. Yes we should probabl
On 15/08/18 16:46, Viktor Dukhovni wrote:
> When I configure a client with a legacy TLS 1.2 protocol exclusion,
> e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max
> version interface), as a result of the new TLS 1.3 protocol
> suport configurations that previously negotiated "up to
When I configure a client with a legacy TLS 1.2 protocol exclusion,
e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max
version interface), as a result of the new TLS 1.3 protocol
suport configurations that previously negotiated "up to" TLS 1.1,
now fail when communicating with a TLS 1.3
On 10/08/18 09:43, Matt Caswell wrote:
>
>
> On 09/08/18 10:31, Matt Caswell wrote:
>
>> I think perhaps a vote is the only way forward then. Does this vote text
>> seem reasonable?
>>
>> "We should remove the TLSv1.2 to TLSv1.3 PSK compatibility mechanism as
>> discussed in issue 6490. If TL