On Fri, Apr 11, 2014 at 04:57:17PM +0530, Pravin Tatti wrote: > Ok fine you can be forward compatible but i still don't agree its my > personal opinion if I don't know what the packet format for next version > why should I support it. But this was not the major issue for what i > started the discussion. I think the major is relaxing the record layer > check to SSLv3 and we should fix it.
It's not a matter of opinion but specification. If the packet format is specified as being exclusively for 3.0..3.3, then we should only match this. If it's specified as part of TLS for which only versions 3.0 to 3.3 are currently defined, then we must apply the default rule specified for the whole protocol according to how to handle newer versions. All protocols generally indicate how newer versions must be handled, and it's important to stick on the rule they dictate in order not to break interoperability with future clients. Willy
