[Cryptography] People should turn on PFS in TLS

James Cloos cloos at jhcloos.com
Fri Sep 6 20:18:48 EDT 2013


>>>>> "PEM" == Perry E Metzger <perry at piermont.com> writes:

PEM> Anyone at a browser vendor resisting the move to 1.2 should be
PEM> viewed with deep suspicion.

Is anyone?

NSS has 1.2 now; it is, AIUI, in progress for ff and sm.

Chromium supports it (as of version 29, it seems).

Opera supports 1.2 (at least as of version 12, maybe earlier?).

Arora 0.11.0 doesn't seem to provide a way to check....

Links and elinks only did tls 1.1.

I don't see a way to get lynx or w3m (text browsers), midori, luakit or
xombrero (webkit-gtk) or qupzilla (webkit-qt) to report the tls version
details.  So I cannot confirm what webkit can do.

A bug report from 2011 for polarssl mentions that ie9 can do 1.2.

I don't think there is anything else I can test.  

With it in openssl, gnutls, nss, polarssl, et alia, support seems pretty
complete.  It will take some time for the current ff alpha to filter
down to a "release", but otherwise things look good on the 1.2 front.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

