[Haskell-cafe] heads-up: tls v2.0.0
Jo Durchholz
jo at durchholz.org
Fri Jan 19 22:43:22 UTC 2024
Thanks for the explanations; I now have a better understanding of the
issues at hand, and I hope this has helped others as well.
My personal take would be to move TLS 1.0/1 out into a separate library,
say, tls-deprecated.
One, this clearly marks the mechanism as something not to be used unless
you really need it.
Second, people who just use TLS will stick with the standard tls
library, and won't get old TLS activated by some funny accident (such as
misconfiguration); after all, code that isn't there can't be involved in
some security shenanigans.
Just my 2 cents, trying to reconcile legacy needs and security-by-design
aspects as far as possible.
I hope it helps somebody.
Regards,
Jo
More information about the Haskell-Cafe
mailing list