Request for feedback from server/client implementers using\n non-OpenSSL TLS stacks

nervuri nervuri at disroot.org
Tue Nov 9 08:17:33 GMT 2021

Previous message (by thread): Request for feedback from server/client implementers using\n non-OpenSSL TLS stacks
Next message (by thread): Request for feedback from server/client implementers using non-OpenSSL TLS stacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2021-11-08, mbays wrote:
>Another one I think is particularly important for Gemini:
>TLS 1.2 sends client certificates in the clear, while with 1.3 they are
>encrypted.

This is the most important one, I think.  Sending client certificates in
the clear can be really bad for privacy, especially as they may contain
your e-mail address, username and/or other sensitive information.

>Even if the spec doesn't end up mandating 1.3, it might be worth
>requiring it for servers which make use of client certificates.

Yep.  Discussed here:

https://gitlab.com/gemini-specification/protocol/-/issues/12

Previous message (by thread): Request for feedback from server/client implementers using\n non-OpenSSL TLS stacks
Next message (by thread): Request for feedback from server/client implementers using non-OpenSSL TLS stacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list