[Haskell-cafe] heads-up: tls v2.0.0
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Jan 21 00:24:49 UTC 2024
On Sun, Jan 21, 2024 at 09:09:45AM +0900, Kazu Yamamoto (山本和彦) via Haskell-Cafe wrote:
> I hit upon a solution for Viktor.
> TLS 1.0/1.1 code is kept and enabled via a special parameter.
> Old cipher suites including CBC are provided by
> "tls-insecure" or something.
Thanks, can you be more specific? Is this a run-time or build-time
flag?
[ FWIW, properly used, e.g. with Encrypt-then-MAC (EtM) CBC ciphers are
actually more robust in practice than GCM, because they're not subject
to complete failure on nonce reuse. ]
> I'm surprised because Jo already proposed the same solution. :-)
> So, I would support his proposal.
>
> Viktor, could you volunteer to maintain the "tls-deprecated" package?
Can you elaborate on what's involved? I may be able to make sure it
builds with recent-enogh GHC, ... if that's the bulk of the effort
and there are no new features to worry about.
--
Viktor.
More information about the Haskell-Cafe
mailing list