[openssl-project] Proto over ciphers or ciphers over proto? (was: The problem of (implicit) relinking and changed behaviour)

Benjamin Kaduk kaduk at mit.edu
Sun Apr 15 21:06:20 UTC 2018


On Sun, Apr 15, 2018 at 12:15:55PM -0400, Viktor Dukhovni wrote:
> 
> 
> That said, I'm puzzled by the notion of "A certificate that is incompatible
> with TLS1.3".  A certificate is a certificate, and introducing TLS 1.3 does
> not in any change the validity of the certificate, TLS 1.3 did not rewrite
> RFC5280.  So if there's a certificate we're disallowing with TLS 1.3, that's

IIUC a fixed DH certificate is incompatible with TLS 1.3 but can be
TLS 1.2-compatible.

-Ben


More information about the openssl-project mailing list