[Haskell-cafe] heads-up: tls v2.0.0
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Jan 19 01:51:50 UTC 2024
On Fri, Jan 19, 2024 at 10:21:56AM +0900, Kazu Yamamoto (山本和彦) via Haskell-Cafe wrote:
> I'm planning to release the "tls" package v2.0.0 probably within one
> month. It removes TLS 1.0/1.1 and provides only TLS 1.2/1.3 with safe
> cipher suites according to recent RFCs and internet-drafts.
>
> This version does not change the default usage. But if you are using
> custom parameters, you might have to modify your code. This breaking
> change is *intentional* to notice users that they are using vulnerable
> versions and/or parameters.
I'd very much prefer that support for TLS 1.0/1.1 not be removed. Any
chance you could find some way to explicitly keep these protocol
versions enabled?
--
Viktor.
More information about the Haskell-Cafe
mailing list