> On 19 Oct 2015, at 6:24 AM, Martin Thomson <[email protected]> wrote:
>
> On 18 October 2015 at 16:59, Eric Rescorla <[email protected]> wrote:
>> Yeah, I am starting to think I was getting too clever here and it would be better
>> to just say "tear down the connection"
>
> I can't think of any situation in which a compliant, valid ServerHello
> would induce that behaviour. It would have to be busted somehow, I
> guess.

I was thinking some extension missing from the ServerHello that the client isn’t willing to do without, but I can’t think of any that makes sense. A ServerKeyExchange might have a key or a signature that fails some standard.

I guess the “western” client with the GOST server is solved by the server returning an alert instead of a ServerHello. In this case they could continue with the connection but it’s still a matter of classifying all the fatal vs non-fatal conditions. That and coming up with an alternate term that does not confuse with the fatal and non-fatal alerts of TLS.

Yoav

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
