Re: [openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3

2018-08-15 Thread Viktor Dukhovni
> On Aug 15, 2018, at 11:50 AM, Matt Caswell wrote:
>>
>> I think this counts as a regression, the client should notice that
>> it implicitly disabled TLS 1.3, and therefore not react to the
>> server's version sentinel by aborting the connection. Thoughts?
>>
>
> Hmm. Yes we should

Re: [openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3

2018-08-15 Thread Matt Caswell
On 15/08/18 16:46, Viktor Dukhovni wrote:
> When I configure a client with a legacy TLS 1.2 protocol exclusion,
> e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max
> version interface), as a result of the new TLS 1.3 protocol
> support configurations that previously negotiated "up

[openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3

2018-08-15 Thread Viktor Dukhovni
When I configure a client with a legacy TLS 1.2 protocol exclusion, e.g. by setting SSL_OP_NO_TLSv1_2 (rather than the new min/max version interface), as a result of the new TLS 1.3 protocol support configurations that previously negotiated "up to" TLS 1.1, now fail when communicating with a TLS