[Openid-specs-fapi] Issue #549: Network Layer Protections restrict use of more recent TLS 1.2 ciphers (openid/fapi)
panva
issues-reply at bitbucket.org
Mon Oct 31 11:57:39 UTC 2022
New issue 549: Network Layer Protections restrict use of more recent TLS 1.2 ciphers
https://bitbucket.org/openid/fapi/issues/549/network-layer-protections-restrict-use-of
Filip Skokan:
In https://openid.net/specs/fapi-2_0-baseline-01.html#name-network-layer-protections and https://openid.net/specs/openid-financial-api-part-2-1_0.html#tls-considerations we’re restricting the use of TLS 1.2 ciphers to only 4 ciphers.
There were, however, ciphers added to TLS 1.2 after the BCP, e.g. https://www.rfc-editor.org/rfc/rfc7905, which I believe make no sense to restrict use of.
This affects both FAPI1 and FAPI2.