Relationship between TLS 1.3 ciphers and earlier ciphers

Michael Wojcik Michael.Wojcik at microfocus.com
Fri May 26 19:47:57 UTC 2023


> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Jordan Brown
> Sent: Friday, 26 May, 2023 13:20

> (We could of course have separate 1.2 and 1.3 lists in the UI, but that seems like excessive complexity
> both in the implementation and in the UI.)

For the record, that's what we have. The administration UI lets administrators configure allowed protocols and separate cipher-suite lists for TLSv1.2 (and earlier), and for TLSv1.3.

To my mind, this emphasizes to the customers' administrators that TLSv1.2 and TLSv1.3 have different sets of allowed suites. There's already ample confusion among customers about every aspect of TLS – particularly when one group is in charge of our product, and another group is in charge of scanning internal systems and complaining about them while providing no support whatsoever, which seems to be an industry norm.

It's easier for us to help those admins work through the two separate cipher lists (though really they mostly should be able to use our defaults, or if not simply set @SECLEVEL appropriately for the TLSv1.2 collection and leave the TLSv1.3 collection alone) than to try to work with a single setting that conflates the two.

But that said, we have a long backlog of "TLS usability" items, and even if we got through all of those TLS is still damned difficult for non-experts, so it's not like I can claim we're paragons of usability. I'm sure people can make reasonable arguments for presenting a combined list to end users, and then programmatically separating that into the two collections.

-- 
Michael Wojcik
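
An added illustration of the two-collection split discussed above (this is example code, not part of the post or of any product it mentions): a small splitter that sorts one combined admin-supplied list into the TLSv1.2 cipher list and the TLSv1.3 ciphersuite list, plus a check that applying only the TLSv1.2 list leaves the TLSv1.3 suites untouched. It assumes Python's `ssl` module is linked against OpenSSL 1.1.1 or later; since that module exposes only `set_ciphers` (the TLSv1.2 setter) and no TLSv1.3 setter, the TLSv1.3 side is observed rather than configured here.

```python
import ssl

# TLSv1.3 suite names are fixed by RFC 8446; OpenSSL accepts them only via
# SSL_CTX_set_ciphersuites(), never inside the TLSv1.2 cipher-list syntax.
TLS13_SUITES = {
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}


def split_cipher_config(combined):
    """Split one colon-separated list into the two collections OpenSSL
    configures separately: (TLSv1.2-and-earlier cipher list, TLSv1.3
    ciphersuites). Order is preserved within each collection."""
    v12, v13 = [], []
    for token in combined.split(":"):
        token = token.strip()
        if not token:
            continue
        if token in TLS13_SUITES:
            v13.append(token)
        else:
            # Everything else, including @SECLEVEL=n and the !/-/+ modifiers,
            # is TLSv1.2 cipher-list syntax.
            v12.append(token)
    return ":".join(v12), ":".join(v13)


def enabled_after_set_ciphers(cipher_list):
    """Apply only the TLSv1.2 list (ssl's set_ciphers wraps
    SSL_CTX_set_cipher_list) and report what OpenSSL then offers as
    (sorted TLSv1.2 names, sorted TLSv1.3 names). The TLSv1.3 collection
    is not affected by the call."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)
    enabled = ctx.get_ciphers()
    v12 = sorted(c["name"] for c in enabled if c["protocol"] != "TLSv1.3")
    v13 = sorted(c["name"] for c in enabled if c["protocol"] == "TLSv1.3")
    return v12, v13


if __name__ == "__main__":
    # Constructed sample input mixing both syntaxes in one string.
    combined = "TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384:@SECLEVEL=2"
    print(split_cipher_config(combined))
    print(enabled_after_set_ciphers("ECDHE-RSA-AES256-GCM-SHA384:@SECLEVEL=2"))
```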

