💾 Archived View for gem.benscraft.info › mailing-list › messages › 176 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
- nervuri <nervuri at disroot.org>
@ Thu, 08 Apr 2021 16:59 +0000
Reply to Sean Conner <sean at conman.org>
────────────────────────────────────────────────────────────────────────────────
On Wed, 2021-04-07, Sean Conner wrote:
Also, stats [1] show that some 21% of Gemini sites still use TLS 1.2.
Personally, I think that once this falls below 5% (or greater than 95%
of all sites support TLS 1.3) we can revisit this decision.
Ok. We should also test clients. I was working on that, but other
things took priority.
Also, if the actual blocker is the percentage of servers and clients
supporting TLS 1.3, then that's what the specification should say,
rather than referring to libraries. It can be vague, like:
TLS 1.2 is reluctantly permitted until TLS 1.3 support is more
widespread among Gemini servers and clients. The minimum required TLS
version is 1.2, but clients who wish to be "ahead of the curve" MAY
refuse to connect to servers using TLS version 1.2.
Implementations MUST support TLS SNI...
This would be closer to Solderpunk's original text.
════════════════════════════════════════════════════════════════════════════════