[Openid-specs-fapi] Issue #129: TLS cipher restrictions should be relaxed for the authorise endpoint (openid/fapi)
Joseph Heenan
issues-reply at bitbucket.org
Fri Jan 12 11:59:23 UTC 2018
New issue 129: TLS cipher restrictions should be relaxed for the authorise endpoint
https://bitbucket.org/openid/fapi/issues/129/tls-cipher-restrictions-should-be-relaxed
Joseph Heenan:
OpenBanking have decided to allow more ciphers on the authorise endpoints for user-agent interoperability reasons:
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/47546479/Known+Specification+Issues
We should probably make some allowance for this in the FAPI spec - I'm not sure what we should actually recommend though; perhaps just say it may be weaker and use there own judgement to follow BCP195?
More information about the Openid-specs-fapi
mailing list