Hubert Kario wrote:
> 170 were detected as TLS 1.3 incompatible (3.9%)
> 183 were detected as TLS 1.4 incompatible (4.2%)
> 229 were detected as TLS 1.253 incompatible (5.22%)
>
> in the below excerpt (full list below, this is just entries that have at least
> 4 servers with
The following errata report has been submitted for RFC5246,
"The Transport Layer Security (TLS) Protocol Version 1.2".
--
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5246=4750
--
David,
Technically, IANA makes the assignments we (the IETF/TLS WG) ask them to make
via the IANA considerations section. They enforce the registry policy
established when we (the IETF/TLS WG) originally established the registry; the
available policies are found in RFC 5226 (and there’s some
On Tuesday, 26 July 2016 12:08:33 CEST Viktor Dukhovni wrote:
> On Tue, Jul 26, 2016 at 01:09:04PM +0300, Ilari Liusvaara wrote:
> > > Failure:
> > > openssl s_client -connect regmedia.co.uk:443 -cipher
> > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305>
> > If you swap the order of
On Tue, Jul 26, 2016 at 01:09:04PM +0300, Ilari Liusvaara wrote:
> > Failure:
> > openssl s_client -connect regmedia.co.uk:443 -cipher
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305
>
> If you swap the order of these two ciphersuites, does it suceed or fail?
>
> I.e.
>
>
On Monday, 25 July 2016 21:08:49 CEST Martin Rex wrote:
> I've just run into a weird interoperability problem with an (alleged)
> cloudflare/nginx TLS server and my personal Firefox settings.
>
> https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg
>
>
> Traditionally I
Since I've referred to TLS-LTS a couple of times now I should mention that
I've just posted an update, with the following changes:
- Clarified what happens during a session resumption.
- Fixed the ServerKeyExchange text to indicate what happens when the hash
isn't the default SHA-256. Is the
On Monday, 25 July 2016 23:32:41 CEST David Benjamin wrote:
> On Mon, Jul 25, 2016 at 7:23 PM Viktor Dukhovni
>
> wrote:
> > On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote:
> > > I'm not sure how this process usually works, but I would like to reserve
> >
Ilari Liusvaara writes:
>The basic problem (let's ignore non-cert modes for a bit):
>
>When choosing the certificate, you need to consider if you have a ciphersuite
>that can use some supported group and protection/prf-hash available.
>
>Similarly, when choosing a
On Tue, Jul 26, 2016 at 6:56 AM Hubert Kario wrote:
> On Monday, 25 July 2016 22:32:29 CEST David Benjamin wrote:
> > I would like to fix this by reserving a few values in our registries so
> > that clients may advertise random ones and regularly exercise these
> > codepaths
On Monday, 25 July 2016 22:32:29 CEST David Benjamin wrote:
> I would like to fix this by reserving a few values in our registries so
> that clients may advertise random ones and regularly exercise these
> codepaths in servers. If enough of the client base does this, we can turn a
> large class of
On Tue, Jul 26, 2016 at 07:48:05AM +, Peter Gutmann wrote:
> Ilari Liusvaara writes:
>
> >I recently (tried to) implement(ed) TLS 1.2 ciphersuite negotiation in a way
> >that always negotiates something if at least one valid configuration exists,
> >and respects TLS
Viktor Dukhovni wrote:
>
>> On Jul 25, 2016, at 3:08 PM, Martin Rex wrote:
>>
>> specifically, after the FF update, this new TLS ciphersuite:
>>
>> security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9)
>>
>> was the only ECDSA cipher suite enabled in my Firefox 47.0.1,
Ilari Liusvaara writes:
>I recently (tried to) implement(ed) TLS 1.2 ciphersuite negotiation in a way
>that always negotiates something if at least one valid configuration exists,
>and respects TLS 1.2 rules.
>
>The resulting code was totally insane, and I am very much
Correction--
I'm sorry, I mistyped the firefox config, this should have said
the chacha20_poly1305 (0xcc 0xa9) cipher suite was the only one enabled.
Martin Rex wrote:
> I've just run into a weird interoperability problem with an (alleged)
> cloudflare/nginx TLS server and my personal Firefox
15 matches
Mail list logo