Mandatory to implement key exchange/cipher suite #498
Labels
Milestone
Comments
|
Yes, I think you do. TLS 1.3 will be mandating ephemeral key exchange, so I think you just want to use whatever their MTI is (presumably either DHE or ECDHE with AES-GCM). I expect to have a preliminary answer to this in YVR. Will that be soon enough? |
|
TOR, I hope. But I think that should suffice. We can discuss whether we try to preempt that decision or leave a placeholder. |
|
Sorry, I meant YYZ. |
|
Discussed in NYC; will make a decision about it in Toronto. Under discussion - ECDHE / DHE + RSA + AES-GCM + SHA256. Maybe another too. |
mnot
changed the title
|
We need to settle this for WGLC. @ekr, any chance of getting a decision earlier? |
martinthomson
added a commit
that referenced
this issue
Jul 16, 2014
martinthomson
added a commit
that referenced
this issue
Jul 22, 2014
|
#562 is editor-ready. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It has been noted that there is an opportunity for interoperability failure with the rules we have regarding ephemeral key exchange.
e.g., client has only DHE, server has only ECDHE, can't use HTTP/2
Do we want to specify a mandatory to implement cipher suite so that we can avoid this?
The text was updated successfully, but these errors were encountered: