openid / connect / issues / #447 - Standard - 2.3 TLS 1.2 Required? — Bitbucket

Issue #447 resolved

Nat Sakimura created an issue 2011-12-19

In OAuth list, people were pointing out that only TLS 1.0 is implementable right now as Apache/OpenSSL released version only supports it.

Comments (4)

Michael Jones
- assigned issue to
  
  Michael Jones
The current OAuth text is:

The authorization server MUST implement TLS. Which version(s) ought to be implemented will vary over time, and depend on the widespread deployment and known security vulnerabilities at the time of implementation. At the time of this writing, TLS version 1.2 <xref target='RFC5246' /> is the most recent version, but has very limited actual deployment, and might not be readily available in implementation toolkits. TLS version 1.0 <xref target='RFC2246' /> is the most widely deployed version, and will give the broadest interoperability.

We will follow the OAuth text.
- 2011-12-20T00:01:26+00:00
hideki nara
If all Connect specs require the mostly same TLS and X.509 requirement, Messages may have a dedicated section for the standard secure transport requirement used in Connect and others refer it.
- 2011-12-20T01:34:31+00:00
Michael Jones
- changed status to resolved
Fixed ~~#447~~ Standard - 2.3 TLS 1.2 Required?

→ 8f9919faf154
- 2011-12-20T10:20:33+00:00
Michael Jones
Fix ~~#447~~ Standard - 2.3 TLS 1.2 Required?

→ 0d4535f67463
- 2011-12-20T10:22:46+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!