Subject: Re: [DISCUSS] KIP-573: Enable TLSv1.3 by default


Nikolay,

Thanks for the comments. More below:

1. I meant that `ssl.protocol` is TLSv1.2 while `ssl.enabled.protocols` is
`TLSv1.2, TLSv1.3`. How do these two configs interact?
2. My question is not about obsolete protocols, it is about people using
TLS 1.2 with specified cipher suites. How will that behave when TLS 1.3 is
enabled by default?
3. An additional question is how does this impact Java 8 users? Java 8 will
receive TLS 1.3 support later this year (
https://java.com/en/jre-jdk-cryptoroadmap.html), but it currently does not
support it. One way to handle this would be to check if the underlying JVM
supports TLS 1.3 before enabling it.

I hope this clarifies my questions.

Ismael

On Mon, May 18, 2020 at 6:44 AM Nikolay Izhikov <[EMAIL PROTECTED]> wrote: