Hacker News new | past | comments | ask | show | jobs | submit login

Imagine that TLS 1.3 is found to have a critical flaw and more vulnerable than TLS 1.2. You then set your min/max to 1.2.

Later TLS 1.4 comes out. How can I allow new TLS 1.4 and existing TLS 1.2 clients without allowing TLS 1.3 clients using your method.

The server software would have to be updated to include a blacklist or go back to being an ordered list.

Why not support both configuration strategies?

Because that gives the application even more chances to do the wrong thing, which is what we were trying to avoid.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact