bcp00301: adjust required TLS 1.2 cipher suite based upon feedback

AMWA-TV / bcp-003

AMWA BCP-003 Security recommendations for NMOS APIs

https://specs.amwa.tv/bcp-003

Apache License 2.0

3 stars 3 forks source link

bcp00301: adjust required TLS 1.2 cipher suite based upon feedback #38

Closed andrewbonney closed 5 years ago

andrewbonney commented 5 years ago

Resolves #33

garethsb commented 5 years ago

Actually... one comment... the list of TLS 1.2 cipher suites after the required suite is fulfilling an additional purpose, to indicate the priority order. It is not clear where the REQUIRED suite should be included in this list, I'm not convinced for example that it belongs at the top?

andrewbonney commented 5 years ago

Yes, agreed. Perhaps the two 'SHOULD' lists should duplicate the required ciphers but indicating their positioning too.