[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1
|
From: |
Darshit Shah |
|
Subject: |
Re: [Bug-wget] Deprecate TLS 1.0 and TLS 1.1 |
|
Date: |
Tue, 19 Jun 2018 13:37:15 +0200 |
|
User-agent: |
NeoMutt/20180512 |
* Tim Rühsen <address@hidden> [180619 13:18]:
> On 06/19/2018 12:44 PM, Loganaden Velvindron wrote:
> > Hi All,
> >
> > As per:
> > https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
> >
> > Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
> > default. No doubt that this will cause some discussions, I'm open to
> > hearing all opinions on this.
> >
>
> Good idea for the public internet.
>
> IMO there are too many 'internal' devices / hardware that are not
> up-to-date and impossible to update.
>
> What about amending the patch so that we apply it only to public IP
> addresses ?
>
I like this idea. Also, the user should retain their freedom to connect to an
insecure server as well. We should have a switch that will allow falling back
to TLS 1.0 and 1.1.
> And even then - we should not just 'fail' on older servers but tell the
> user why wget fails and what to do about it. In the end, the user is
> responsible and in control.
>
> Regards, Tim
>
--
Thanking You,
Darshit Shah
PGP Fingerprint: 7845 120B 07CB D8D6 ECE5 FF2B 2A17 43ED A91A 35B6
signature.asc
Description: PGP signature