On Sat, 2013-11-23 at 18:58 +0100, Nikos Mavrogiannopoulos wrote: > > This change removes the protocol-weakening options (e.g., the disabling of > secure renegotiation, the removal of ECDHE ciphersuites, and the restriction > to the known to be weak TLS 1.0). I don't think we can do that; certainly not unconditionally. Some servers (or their firewalls) are very picky about what they allow, and secure renegotiation and TLS > 1.0 have definitely been known to give immediately connection failures. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20131123/f3b8ab4a/attachment.bin>
