
TLS 1.2 Comes to Mono - dgellow
http://tirania.org/blog/archive/2016/Sep-30.html
======
hannob
Wow, they're fast. It's only been three years since all pre-1.2-ciphers were
shown to be mostly insecure.

------
praseodym
So they're using Google's BoringSSL, which according to Google itself isn't
intended for general use:

> Although BoringSSL is an open source project, it is not intended for general
> use, as OpenSSL is. We don't recommend that third parties depend upon it.
> Doing so is likely to be frustrating because there are no guarantees of API
> or ABI stability.

(from
[https://boringssl.googlesource.com/boringssl/](https://boringssl.googlesource.com/boringssl/))

------
bascule
Just in time for TLS 1.3!

------
mrmondo
Jesus Christ that is well overdue - I know mono isn't exactly like Microsoft's
projects but why Microsoft never treats security - especially cyphers and
protocols with any sense of urgency baffles me.

------
microcolonel
Welcome to 2008, Mono. :- )

~~~
zapu
I wanted to post "Patches welcome!", but then I remembered, wasn't mono backed
by commercial company and then bought by Microsoft? It's a shame that they are
lagging behind in security critical areas.

