On 10/18/18 11:06 PM, Barry Brimer wrote:
> On Thu, 18 Oct 2018, Robert Moskowitz wrote:
>> On 10/18/18 4:14 PM, Johnny Hughes wrote:
>>> On 10/18/2018 12:36 PM, Walter H. wrote:
>>>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>>>> The bottom line .. we don't make the decision whether or not to use systemd. We rebuild RHEL source code.
>>>> Will there come a CentOS 6.11 which will be capable of TLS 1.3 or HTTP/2? I'm sure there will come a CentOS 8, but when is it probable to be released?
>>> We have no idea .. we don't design what is in CentOS. If Red Hat adds those things to RHEL-6 then we will put them in CentOS .. If they don't we won't.
>> And for example, if RH does not backport OpenSSL 1.1.1, you will not get EdDSA certificate support for TLS 1.3. Now you might not care about this for your servers and just continue to use ECDSA certs. Clients will increasingly encounter EdDSA certs and it will be interesting to see how this is handled in older clients. We have had years to spread support for ECDSA before it started appearing from servers. May not for EdDSA.
> I am under the impression that TLSv1.3 support appeared in 1.1.1 so I don't believe that you could do any TLS 1.3 with prior versions.
Yeah, I was kind of hedging my comment that maybe something for 1.3 would be in the earlier version, but yes, all the TLS 1.3 work was focused on OpenSSL 1.1.1. I was personally focused on EdDSA support.
So a number of items have to appear in C6 for it to support TLS 1.3. More slowness in TLS 1.3 availability. Kind of flies in the face of a claim made against my HIP protocol, which 'requires kernel-level changes' and is thus too hard to deploy. TLS is an upper-layer protocol and changes easily roll out.
Yeah, right.