>>> Peter Gutmann <pgut...@cs.auckland.ac.nz> 22.09.16 7.00 Uhr >>>

> Nope.  There's a big difference between "I can't continue" and "I can 
> continue without any problems but don't want to".  The example I gave of
> "Couldn't connect to Amazon because no suitable encryption was available"
> would be the error message to display in the case of a decode error that
> garbled the cipher suites, an "I can't continue" condition.  The current
> thread starter was a case of "I can continue without any problems but don't
> want to", which pretty much any user of the product will perceive as a buggy
> product, meaning they'll drop it and switch to something that works.

> Peter.

I see your point here. However, where would you draw the line between "I can't" 
and "I don't want to"? Think of a cipher suites list with 3 bytes in a 
ClientHello. You can still find one cipher suite that could be ok to work with. 
However, how can you trust the first two bytes if you find that third byte 
telling you something's abnormal?


TLS mailing list

Reply via email to