Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
Re: When will we make TLS 1.3 support a mandatory requirement?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 7 Mar 2024 09:41:38 +0100 (CET)
On Thu, 7 Mar 2024, Jeffrey Walton wrote:
> I feel like questions like "Allow TLS 1.0 and above or not", "Allow TLS 1.2
> or not" or "Require TLS 1.3" are policy decisions that the application
> authors should make. Businesses and application authors are in the best
> position to determine their needs. I don't think library authors should make
> the decision.
That's not what I propose. I propose we drop support for the libraries that do
not offer TLS 1.3 for curl (fifteen months into the future).
They could still negotiate older versions.
> And I am not sure how other protocols like QUIC intersect with TLS 1.3. It
> would be unfortunate if QUIC lost functionality due to loss of TLS v1.2. But
> like I said, I don't know if this is even the case.
QUIC uses TLS 1.3. So by definition, all TLS libraries that support QUIC also
support TLS 1.3 and thus would not be affected by my proposal.
Date: Thu, 7 Mar 2024 09:41:38 +0100 (CET)
On Thu, 7 Mar 2024, Jeffrey Walton wrote:
> I feel like questions like "Allow TLS 1.0 and above or not", "Allow TLS 1.2
> or not" or "Require TLS 1.3" are policy decisions that the application
> authors should make. Businesses and application authors are in the best
> position to determine their needs. I don't think library authors should make
> the decision.
That's not what I propose. I propose we drop support for the libraries that do
not offer TLS 1.3 for curl (fifteen months into the future).
They could still negotiate older versions.
> And I am not sure how other protocols like QUIC intersect with TLS 1.3. It
> would be unfortunate if QUIC lost functionality due to loss of TLS v1.2. But
> like I said, I don't know if this is even the case.
QUIC uses TLS 1.3. So by definition, all TLS libraries that support QUIC also
support TLS 1.3 and thus would not be affected by my proposal.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-07