Ilari Liusvaara <[email protected]> wrote:
> On Fri, Dec 15, 2017 at 07:33:44PM +0000, Tim Hollebeek wrote:
>>
>> However, servers are easier to upgrade than clients, which is why you see
>> some of the server side support you mention. I know CloudFlare in
>> particular helped a lot of people cope with communicating with clients who
>> had different certificate capabilities. It isn't a bad thing that both
>> approaches exist.
>
> Also, it should be noted that the past two migrations needed to be
> compatible with TLS 1.0 and 1.1, which have much less advanced
> signature negotiation than TLS 1.2 (and 1.3).

There is an awfully large installed base of borked TLSv1.2 servers.
If those servers are equipped with a sha256WithRsaEncryption server cert,
the handshake results are:
- TLSv1.0 for SSLv3 ClientHello w/ client_version = (3,1)
- TLSv1.1 for SSLv3 ClientHello w/ client_version = (3,2)
- TLSv1.1 for SSL VERSION 2 CLIENT-HELLO offering (3,3)
- chokes and drops network connection for SSLv3 ClientHello w/ client_version = (3,3)
i.e. there exists a serious interop problem for TLSv1.2 with such servers,
but there is no problem interoperating with TLSv1.0 or TLSv1.1
-Martin
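
The four client first flights listed in the message above differ only in framing and offered version. The following is an added example, not part of the original message: it builds constructed sample hellos, classifies them by framing and offered version, and looks up the outcome the message reports. The function names, the single cipher suite and the all-zero random and challenge are assumptions made for illustration.

```python
import struct

def build_v3_hello(client_version, record_version=(3, 1)):
    """Constructed minimal SSLv3-format ClientHello (no extensions)."""
    body = bytes(client_version) + bytes(32)      # client_version + 32-byte random
    body += b"\x00"                                # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"     # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                            # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(hs)) + hs

def build_v2_hello(offered_version):
    """Constructed SSL VERSION 2 CLIENT-HELLO offering a v3.x version."""
    specs = b"\x00\x00\x2f"                        # 3-byte cipher spec for suite 0x002f
    challenge = bytes(16)
    msg = b"\x01" + bytes(offered_version)         # msg_type 1, then offered version
    msg += struct.pack("!HHH", len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack("!H", 0x8000 | len(msg)) + msg  # 2-byte header, high bit set

def classify_client_hello(data):
    """Return (framing, offered_version) for a client's first flight."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        return "SSL VERSION 2 CLIENT-HELLO", (data[3], data[4])
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # bytes 1-2 are the record-layer version, not client_version;
        # client_version follows the 5-byte record and 4-byte handshake headers
        return "SSLv3 ClientHello", (data[9], data[10])
    raise ValueError("not a ClientHello")

# Outcomes as reported in the message above for the affected servers
REPORTED = {
    ("SSLv3 ClientHello", (3, 1)): "TLSv1.0",
    ("SSLv3 ClientHello", (3, 2)): "TLSv1.1",
    ("SSL VERSION 2 CLIENT-HELLO", (3, 3)): "TLSv1.1",
    ("SSLv3 ClientHello", (3, 3)): "connection dropped",
}

def reported_outcome(data):
    return REPORTED.get(classify_client_hello(data), "not reported")

if __name__ == "__main__":
    samples = [build_v3_hello((3, 1)), build_v3_hello((3, 2)),
               build_v2_hello((3, 3)), build_v3_hello((3, 3))]
    for hello in samples:
        framing, version = classify_client_hello(hello)
        print(framing, version, "->", reported_outcome(hello))
```

Note that the record-layer version in the sample stays at (3,1) even when client_version is (3,3), so a check that reads only the first three bytes of the record cannot tell the last case from the first.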