On Thu, Jul 14, 2022 at 10:12 AM Andrei Popov <Andrei.Popov@xxxxxxxxxxxxx> wrote:
Speaking of PCs and servers: I took a look at Windows TLS stack telemetry (only including those OS versions that support TLS 1.3).
TLS 1.2 is negotiated for 99% of the TLS server connections and 98% of the TLS client connections using Windows TLS stack.
TLS 1.3 use amounts to 0.4% of TLS server connections and just under 2% of TLS client connections.
Thank you for the data-driven approach, but it definitely doesn't match other reports. Maybe it means TLS 1.2 /could/ be negotiated for 99% of connections?
Here is a 2019 document from the IETF:
thanks,
Rob
Cheers,
Andrei
-----Original Message-----
From: Uta <uta-bounces@xxxxxxxx> On Behalf Of Peter Gutmann
Sent: Wednesday, July 13, 2022 8:07 PM
To: Rob Sayre <sayrer@xxxxxxxxx>; Peter Saint-Andre <stpeter@xxxxxxxxxx>
Cc: Benjamin Kaduk <kaduk@xxxxxxx>; secdir@xxxxxxxx; draft-ietf-uta-rfc7525bis.all@xxxxxxxx; last-call@xxxxxxxx; uta@xxxxxxxx
Subject: [EXTERNAL] Re: [Uta] [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09
Rob Sayre <sayrer@xxxxxxxxx> writes:
>Also, in the realm of opinion rather than correctness: mandating TLS
>1.2 support is misguided. Every TLS implementation maintains divided
>codebases for 1.2 vs 1.3.
On desktop PCs and servers perhaps, but in embedded the very fact that you need two sets of codebases means many systems will stay with 1.2, possibly forever when everything around them is also staying with 1.2.
>No one reads the TLS 1.2 code very closely these days, in my
>experience, so the BCP would be mandating support for something people
>don't really work on anymore.
Unless the only codebase you've got is 1.2. However in the same embedded systems you typically do it once, do it right, and skip the neverending flow of bells and whistles that keep appearing, so there's no need to constantly fiddle with the code as for PC/server use.
Peter.
_______________________________________________
Uta mailing list
Uta@xxxxxxxx
https://nam06.safelinks.protection.outlook.com/?url="">
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call