mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0

Question: Guidelines for clients #177

Closed yschimke closed 2 years ago

yschimke commented 2 years ago

Are there guidelines for Clients?

I'm updating OkHttp cipher suites, https://github.com/square/okhttp/blob/3ad1912f783e108b3d0ad2c4a5b1b89b827e4db9/okhttp/src/jvmMain/kotlin/okhttp3/ConnectionSpec.kt#L271

To do it, I'm surveying Chrome, Firefox, combining with JVM and Conscrypt supported cipher suites.

Firefox 73 - https://www.ssllabs.com/ssltest/viewClient.html?name=Firefox&version=73&platform=Win%2010&key=171

But wondering if there is a formal process for Firefox?

yschimke commented 2 years ago

Feel free to close if out of scope.

This is the process I came up with: https://github.com/square/okhttp/pull/7393

And the output https://docs.google.com/spreadsheets/d/15IMJSVHjFQxuy1_trOGRz4FS9MCFquKzrfu_4pI84kU/edit#gid=0

tomato42 commented 2 years ago

No, there are no guidelines for clients, but then the list of permitted ciphers works just as well on the client side as it does on the server side.
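Added example, not part of the thread and not code from OkHttp or the generator: applying a server-style cipher allowlist to a client with Python's `ssl` module, then auditing what the client will actually offer. The allowlist string and the function names are assumptions constructed for this illustration. With OpenSSL the cipher string does not govern the TLS 1.3 suites, so the audit reports those separately.

```python
import ssl

# Constructed allowlist in the OpenSSL cipher-string form that server
# configurations use (assumption for this example, not taken from the thread).
SERVER_ALLOWLIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
)


def client_context(allowlist=SERVER_ALLOWLIST):
    """Build a client context restricted to the server-style allowlist."""
    # create_default_context() keeps certificate and hostname verification on.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError if no cipher in the string is available locally.
    ctx.set_ciphers(allowlist)
    return ctx


def audit(ctx, allowlist=SERVER_ALLOWLIST):
    """Compare what the context will offer against the allowlist."""
    allowed = set(allowlist.split(":"))
    enabled = ctx.get_ciphers()
    tls13 = [c["name"] for c in enabled if c["protocol"] == "TLSv1.3"]
    tls12 = [c["name"] for c in enabled if c["protocol"] != "TLSv1.3"]
    return {
        # Suites the cipher string controls (TLS 1.2 and below).
        "tls12_enabled": tls12,
        # TLS 1.3 suites stay enabled regardless of the cipher string.
        "tls13_enabled": tls13,
        # Anything here means the restriction did not take effect.
        "outside_allowlist": [n for n in tls12 if n not in allowed],
        # Allowlisted suites this TLS library build cannot offer.
        "unsupported_locally": sorted(allowed - set(tls12)),
    }


if __name__ == "__main__":
    for key, value in audit(client_context()).items():
        print(f"{key}: {value}")
```
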