openssl-users at dukhovni.org
Fri May 8 00:40:35 UTC 2015
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
> There have been some conversations behind Red Hat doors about
> improving the state of Kerberos/TLS in both standards and
> implementations. Could we maybe have a broader conversation about how
> to fix this situation?
To be blunt, if you want better Kerberos support in TLS, the fix
is to expand the TLS WG charter to explore new directions in TLS
Kerberos support. Given all the current efforts on 1.3, this is
not going to happen for quite some time.
There's nothing that can be done in just OpenSSL, and the right
immediate action is to drop support for the obsolete protocol.
[ FWIW, Nico concurs. ]
More information about the openssl-users