Disabling SSLv3 and RC4 on Google servers, suggested TLS minimum standards and dropping the Equifax cross-sign:https://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html …
-
-
@BRIAN_____ (These are minimum requirements, not limits.) -
@agl__ I mean, it would be good if a client that only supports TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 with P-256 qualified. -
@BRIAN_____ Ah, well I had to pick something and ChaCha20-Poly1305 isn't even an RFC yet. Seems mean to make device manufactures do it. -
@agl__ Understood. It would be nice if it weren't required for the device to implement RSA (vs. ECDSA) though.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.