-
assigned issue to
- changed milestone to Errata
TLS requirements/recommendations for OP/RP
Issue #1159
resolved
Does the WG have a position on whether TLS 1.2 support is generally recommended / required for OP/RPs?
(Particularly from the angle of whether the certification tests should make any tests in this area. The core certification tests currently don’t as discussed at https://gitlab.com/openid/conformance-suite/-/merge_requests/865#note_289042502 )
The text in the latest standard mentions that ‘at the time of writing TLS 1.2 is not widely deployed’ (https://bitbucket.org/openid/connect/src/default/openid-connect-core-1_0.xml#lines-6889) - I guess perhaps this text could be updated as part of the impending errata update?
Comments (5)
-
-
- changed status to open
-
- changed component to All
-
-
- changed status to resolved
- Log in to comment
I will update this text to reflect present realities.