On Sat, Jul 18, 2015 at 8:47 AM, Michael Felt <[email protected]> wrote:
> * Should the server determine that for a specific "Location"/"Directory"
> more strict levels
> are needed then a new handshake (renegotiate if you prefer) for a stricter
> cipher should start. However, based on the assumption above (the strictest
> cipher that the client has is already being used) - this should always fail
> because the client is not already at that level.

The assumption is not right. The server's list and the client's list are in an arbitrary order decided by whoever wrote and configured the software, and the server can choose to honor either (or neither, but that would be weird) ordering. Also, some ciphers do not have such a strict relative ordering of strength.
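
The following is an added example, not part of the original message or of any server's code: a small Python model of the selection described above, showing that the first negotiated suite depends on whose ordering is honored and that a later, stricter per-directory requirement can still be met by renegotiating. The preference lists and the function names `negotiate` and `access_directory` are constructed for illustration.

```python
# Constructed preference lists (illustrative only, not taken from the thread).
CLIENT_PREFS = ["ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES256-GCM-SHA384",
                "AES128-SHA"]
SERVER_PREFS = ["AES128-SHA",
                "ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-RSA-AES128-GCM-SHA256"]


def negotiate(client_prefs, server_prefs, honor_server_order, allowed=None):
    """Return the first mutually supported suite, walking the list of the
    side whose ordering is honored. `allowed` optionally restricts the
    candidates (used for a stricter per-directory policy).
    Returns None when no common suite satisfies the restriction."""
    if honor_server_order:
        ordering, other = server_prefs, client_prefs
    else:
        ordering, other = client_prefs, server_prefs
    other_set = set(other)
    for suite in ordering:
        if suite in other_set and (allowed is None or suite in allowed):
            return suite
    return None


def access_directory(current_suite, required, client_prefs, server_prefs,
                     honor_server_order):
    """Model a directory that demands one of `required`: keep the current
    suite if it already qualifies, otherwise renegotiate among `required`."""
    if current_suite in required:
        return current_suite
    return negotiate(client_prefs, server_prefs, honor_server_order,
                     allowed=required)


if __name__ == "__main__":
    first = negotiate(CLIENT_PREFS, SERVER_PREFS, honor_server_order=True)
    strict = {"ECDHE-RSA-AES256-GCM-SHA384"}
    print("initial handshake:", first)
    print("after stricter directory:",
          access_directory(first, strict, CLIENT_PREFS, SERVER_PREFS, True))
```

In this model the initial handshake settles on a suite that is not the strongest one the client offers, so the renegotiation for the stricter directory succeeds instead of always failing.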
