- From: Michael Sweet <msweet@apple.com>
- Date: Wed, 24 Sep 2014 06:27:09 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Simone Bordet <simone.bordet@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Roland Zink <roland@zinks.de>, HTTP Working Group <ietf-http-wg@w3.org>
The TLS library is enabling it - the client "gets it for free" unless it goes out of its way to pick a list of cipher suites it wants to use (whitelist) or removes a list of cipher suites that is doesn't want to use (blacklist). But until HTTP/2 no HTTP client has had to specify acceptable cipher suites... Sent from my iPad > On Sep 24, 2014, at 2:26 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > >> On 24 September 2014 02:23, Simone Bordet <simone.bordet@gmail.com> wrote: >> A polyglot client that can speak multiple protocols (e.g. h1, h2) >> cannot just disable ciphers globally only because one of those >> protocols has special needs, also considering the client has no idea >> what protocol will be chosen. > > But a polyglot can ensure that it understands the implications of > enabling suite X before it does so. For all of the protocols it > speaks. >
Received on Wednesday, 24 September 2014 13:27:38 UTC