On Wed, 2016-09-28 at 14:39 +0200, Kai Engert wrote: > The NSS team has released Network Security Services (NSS) 3.27, > which is a minor release. > ... > The full release notes are available at > https://developer.mozilla.org/en- > US/docs/Mozilla/Projects/NSS/NSS_3.27_releas_notes
Unfortunately, we had forgotten to mention an important change in NSS 3.27: The maximum TLS version enabled by default has been increased to TLS 1.3 This is particularly noteworthy, because we have already received incompatibility reports. (For the current status of TLS 1.3, see https://tools.ietf.org/html/draft-ietf-tls-tls13-16 ) In general, if a client supports a newer version of TLS, and offers it in the TLS client_hello message, but the server supports only older versions of TLS, the server can request to use the older preference with the server_hello message. Apparently there are servers that don't follow the above rule, but simply abort the connection (TLS version intolerance), when receiving a client_hello offering TLS 1.3, as sent with NSS 3.27 by default, if the application doesn't request a specific maximum TLS version. If you experience failure to connect to a server with TLS 1.3 enabled, you should probably report this intolerance to the operator of the server. If your client application allows you to configure the maximum TLS version enabled, you could attempt to configure maximum version TLS 1.2 when connecting to a broken server. Consumers of NSS, who'd like to disable the use of TLS 1.3 completely, may do so by defining symbol NSS_DISABLE_TLS_1_3 when building NSS. Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto