[Openid-specs-ab] Issue #1159: TLS requirements/recommendations for OP/RP (openid/connect)

josephheenan issues-reply at bitbucket.org
Wed Feb 26 12:22:14 UTC 2020

New issue 1159: TLS requirements/recommendations for OP/RP

Joseph Heenan:

Does the WG have a position on whether TLS 1.2 support is generally recommended / required for OP/RPs?

\(Particularly from the angle of whether the certification tests should make any tests in this area. The core certification tests currently don’t as discussed at [https://gitlab.com/openid/conformance-suite/-/merge\_requests/865#note\_289042502](https://gitlab.com/openid/conformance-suite/-/merge_requests/865#note_289042502) \)

The text in the latest standard mentions that ‘at the time of writing TLS 1.2 is not widely deployed’ \([https://bitbucket.org/openid/connect/src/default/openid-connect-core-1\_0.xml#lines-6889](https://bitbucket.org/openid/connect/src/default/openid-connect-core-1_0.xml#lines-6889)\) - I guess perhaps this text could be updated as part of the impending errata update?

More information about the Openid-specs-ab mailing list