Proposal to Deprecate TLS v1.2 within OWASP ASVS
Christian Heinrich
christian.heinrich at cmlh.id.au
Sat May 1 07:04:28 UTC 2021
I have put forth a Pull Request for OWASP Application Security
Verification Standard (ASVS) to deprecate TLS v1.2 and require TLS
v1.3 only.
This is part of a much larger piece of work to align with PCI-DSS
v3.2.1 at https://github.com/OWASP/ASVS/issues/317#issuecomment-829077114
It is also subject to change due to the dependency on what is in the
next major release of PCI-DSS v4.0 of which the latest news is
available at https://blog.pcisecuritystandards.org/pci-dss-v4.0-timeline-updated-to-support-an-additional-rfc
Please note the Pull Request (PR) is at an early stage so it might not
be merged in the next minor release of OWASP ASVS if adoption of TLS
v1.3 is too low at this point in time, etc.
I'd appreciate any further feedback from OpenSSL at
https://github.com/OWASP/ASVS/issues/979 please?
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
More information about the openssl-users
mailing list