Hubert Kario <hka...@redhat.com> wrote:
> Currently the description of the extension states that only TLS versions
> can
> be listed in the extension and all unknown versions must be ignored.
>
> I wonder if making it explicit that {3, 0} and any lower values MUST NOT be
> advertised wouldn't be a good idea, if only to hammer it that SSL3 must
> not be
> used.
>
AFAICT, there's no need to list any version in that extension lower than
TLS 1.2, and maybe not even TLS 1.2. If the server understand the extension
then it is (almost?) definitely a TLS 1.3+ implementation, so it should
choose TLS 1.3 or later. If the server doesn't understand the extension
then it will use the ClientHello.legacy_version field for version
negotiation.
Therefore, I suggest the following change:
OLD: "Implementations of this specification MUST send this extension
containing all versions of TLS which they are prepared to negotiate. For
this specification, that means minimally {3, 4}, but if previous versions
of TLS are supported, they MUST be present as well."
NEW: "Implementations of this specification MUST send this extension
containing all versions of TLS from TLS 1.3 onwards (only) which they are
prepared to negotiate. For this specification, that means minimally {3, 4}.
If previous versions of TLS are supported, they MUST NOT be present."
Cheers,
Brian
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
