[openssl-project] Proto over ciphers or ciphers over proto? (was: The problem of (implicit) relinking and changed behaviour)
Benjamin Kaduk
kaduk at mit.edu
Sun Apr 15 21:06:20 UTC 2018
On Sun, Apr 15, 2018 at 12:15:55PM -0400, Viktor Dukhovni wrote:
>
>
> That said, I'm puzzled by the notion of "A certificate that is incompatible
> with TLS1.3". A certificate is a certificate, and introducing TLS 1.3 does
> not in any change the validity of the certificate, TLS 1.3 did not rewrite
> RFC5280. So if there's a certificate we're disallowing with TLS 1.3, that's
IIUC a fixed DH certificate is incompatible with TLS 1.3 but can be
TLS 1.2-compatible.
-Ben
More information about the openssl-project
mailing list