IdP v4.0.1 issues with CBC relying-party overrides and SPs with cipher-suite metadata

[Alan Buxey]

hi,

this is because IdP 4.x uses GCM by default whereas 3.x and earlier used
CBC by default, yes?   So whilst
saying it can do GCM is metadata (probably the metadata generated from a
previous Sib instance they ran)
is bad....there are those SPs out there that cant/(wont?) do GCM that will
require a exception list defining :/

alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20201112/8ceb1c42/attachment.htm>