writes with a bit of news
from last week that seems to have slipped under the radar. The IETF TLS working group has reached consensus on dropping static RSA cipher suites from TLS 1.3
, instead requiring the use of Diffie-Hellman Exchange
(or the faster ellipitic curve
variant). Static DH and not just ephemeral DH key exchange will be supported, so not all connections will have forward secrecy
. The consensus is subject to change before the final TLS 1.3 specification
is released, and there are still details to be worked out. The changes to the draft are pending
as a git pull request.