> On Mar 14, 2018, at 8:39 AM, Hubert Kario <[email protected]> wrote: > > On Tuesday, 13 March 2018 23:16:47 CET Russ Housley wrote: >> Ted: >>> There's an easy way to do this, although as a sometime bank security geek >>> I would strongly advise you to not do it: keep using TLS 1.2. >> This is a bogus argument. First, staying with an old protocol version often >> leads to locking in unmaintained versions of old software. > > this is simply not true, the newest versions of OpenSSL, NSS, GnuTLS and > schannel allow you to disable TLS 1.2 and TLS 1.1 protocol support to > effectively only support TLS 1.0!
After TLS 1.3 is approved, I have heard a desire from software maintainers to drop support for some of the older versions over time. Support for SSL 3.0 has been dropped in some cases, and for good reasons. Russ _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
