18 Jan
2024
18 Jan
'24
8:51 p.m.
On Fri, Jan 19, 2024 at 10:21:56AM +0900, Kazu Yamamoto (山本和彦) via Haskell-Cafe wrote:
I'm planning to release the "tls" package v2.0.0 probably within one month. It removes TLS 1.0/1.1 and provides only TLS 1.2/1.3 with safe cipher suites according to recent RFCs and internet-drafts.
This version does not change the default usage. But if you are using custom parameters, you might have to modify your code. This breaking change is *intentional* to notice users that they are using vulnerable versions and/or parameters.
I'd very much prefer that support for TLS 1.0/1.1 not be removed. Any chance you could find some way to explicitly keep these protocol versions enabled? -- Viktor.