Industry Concerns about TLS 1.3
ietf.orgSo banks want to continue not supporting PFS. Banks can afford to log the private ECDHE key of every connection to decrypt all captured packets at a later date.
Wow. My message to the banks: We are trying to build a more secure internet. Update your servers, libraries, etc every few years like the rest of us. You're not special. It's hard for all of us.
The changes in TLS 1.3 are long overdue. There are some of us who argued vociferously to not include some of those bad ciphers but we were overruled, probably by the same cabal that decided to remove IPsec from mandatory-to-implement for IPv6.