Re: [TLS] New version intolerance caused by draft-26 supported_versions change?

2018-04-09 Thread Joseph Birr-Pixton
On 9 April 2018 at 22:29, Eric Rescorla wrote:
> PR#1163 was just about what the server sends.

Aha. This is the bit I missed. I had interpreted "you can't negotiate pre-TLS 1.3 with supported_versions" applied to both ends.

Thanks!
Joe

Re: [TLS] New version intolerance caused by draft-26 supported_versions change?

2018-04-09 Thread Eric Rescorla
On Mon, Apr 9, 2018 at 2:16 PM, Joseph Birr-Pixton wrote:
> Hello,
>
> PR#1163 in draft-26 seems to have broken interop with previous drafts
> with a variety of deployed implementations. draft-26 and later clients
> fail with a protocol_version alert.
>
> Affected Internet

Re: [TLS] New version intolerance caused by draft-26 supported_versions change?

2018-04-09 Thread Salz, Rich
Your results are not really very surprising. Different folks are at different drafts, and "everyone" is waiting for the final RFC to be published and upgrade then.

Re: [TLS] New version intolerance caused by draft-26 supported_versions change?

2018-04-09 Thread Benjamin Kaduk
On Mon, Apr 09, 2018 at 10:16:06PM +0100, Joseph Birr-Pixton wrote:
> Hello,
>
> PR#1163 in draft-26 seems to have broken interop with previous drafts
> with a variety of deployed implementations. draft-26 and later clients
> fail with a protocol_version alert.
>
> Affected Internet servers

[TLS] New version intolerance caused by draft-26 supported_versions change?

2018-04-09 Thread Joseph Birr-Pixton
Hello,

PR#1163 in draft-26 seems to have broken interop with previous drafts with a variety of deployed implementations. draft-26 and later clients fail with a protocol_version alert.

Affected Internet servers include:

cloudflare.com: offers draft-23, intolerant to draft-26
www.apple.com: