Hi, On Thu, Aug 01, 2013 at 12:02:55PM +0200, Jan Just Keijser wrote: > It should be possible to add negotiation without completely breaking > backwards compatibility; right now, when a server pushes an option to > the client that is unrecognized the client will print a warning but it > will not abort. This could be used to push a 'negotation request' - if > the client responds then a negotation phase can start , during which the > encryption key, hashing cipher, MTU settings etc can be negotiated. If > the client does not respond the server would need to assume that it's a > 2.3 or older client.
Maybe I'm a bit naive, but since the data layer cipher is independent of
the TLS cipher anyway, can't we just "push cipher xxx"?
Or is push/pull crypted with the data layer cipher?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpPLJ61OfrCS.pgp
Description: PGP signature
