[146696] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS
daemon@ATHENA.MIT.EDU (James Cloos)
Fri Sep 6 20:45:45 2013
X-Original-To: cryptography@metzdowd.com
From: James Cloos <cloos@jhcloos.com>
To: "Perry E. Metzger" <perry@piermont.com>
In-Reply-To: <20130906141148.259addb1@jabberwock.cb.piermont.com> (Perry
E. Metzger's message of "Fri, 6 Sep 2013 14:11:48 -0400")
Date: Fri, 06 Sep 2013 20:18:48 -0400
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Ben Laurie <ben@links.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
>>>>> "PEM" == Perry E Metzger <perry@piermont.com> writes:
PEM> Anyone at a browser vendor resisting the move to 1.2 should be
PEM> viewed with deep suspicion.
Is anyone?
NSS has 1.2 now; it is, AIUI, in progress for ff and sm.
Chromium supports it (as of version 29, it seems).
Opera supports 1.2 (at least as of version 12, maybe earlier?).
Arora 0.11.0 doesn't seem to provide a way to check....
Links and elinks only did tls 1.1.
I don't see a way to get lynx or w3m (text browsers), midori, luakit or
xombrero (webkit-gtk) or qupzilla (webkit-qt) to report the tls version
details. So I cannot confirm what webkit can do.
A bug report from 2011 for polarssl mentions that ie9 can do 1.2.
I don't think there is anything else I can test.
With it in openssl, gnutls, nss, polarssl, et alia support seems pretty
complete. It will take some time for the current ff alpha to filter
down to a "release", but otherwise things look good on the 1.2 front.
-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
