IdP v4.0.1 issues with CBC relying-party overrides and SPs with cipher-suite metadata

Alan Buxey alan.buxey at
Thu Nov 12 18:11:34 UTC 2020


this is because IdP 4.x uses GCM by default whereas 3.x and earlier used
CBC by default, yes?   So whilst
saying it can do GCM is metadata (probably the metadata generated from a
previous Sib instance they ran)
is bad....there are those SPs out there that cant/(wont?) do GCM that will
require a exception list defining :/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list