Proposal to Deprecate TLS v1.2 within OWASP ASVS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have put forth a Pull Request for OWASP Application Security
Verification Standard (ASVS) to deprecate TLS v1.2 and require TLS
v1.3 only.

This is part of a much larger piece of work to align with PCI-DSS
v3.2.1 at https://github.com/OWASP/ASVS/issues/317#issuecomment-829077114

It is also subject to change due to the dependency on what is in the
next major release of PCI-DSS v4.0 of which the latest news is
available at https://blog.pcisecuritystandards.org/pci-dss-v4.0-timeline-updated-to-support-an-additional-rfc

Please note the Pull Request (PR) is at an early stage so it might not
be merged in the next minor release of OWASP ASVS if adoption of TLS
v1.3 is too low at this point in time, etc.

I'd appreciate any further feedback from OpenSSL at
https://github.com/OWASP/ASVS/issues/979 please?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux