by tatersolid
2340 days ago
One should version whole protocols instead of adding option negotiation for things like cipher suite. So say:

TLS 1.4 = “NIST version”: only supports ECDHE(P-256)+AES-256-GCM+SHA256
TLS 1.5 = “Bernstein version”: only supports ECDHE(X25519)+ChaCha20-Poly1305+Blake2b

Because of the X.509 legacy, both these future TLS versions might have to support RSA-2048 and P-256 ECC certs, but supporting just one would be better. In either case, fewer options and branches are simpler and more secure. Both can be enabled, and one turned off if a weakness is found.