Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Fri, Dec 15, 2017 at 07:33:44PM +0000, Tim Hollebeek wrote: >> >> However, servers are easier to upgrade than clients, which is why you see >> some of the server side support you mention. I know CloudFlare in >> particular helped a lot of people cope with communicating with clients who >> had different certificate capabilities. It isn't a bad thing that both >> approaches exist. > > Also, it should be noted that the past two migrations needed to be > compatible with TLS 1.0 and 1.1, which have much less advanced > signature negotiation than TLS 1.2 (and 1.3).
There is an awfully large installed base of borked TLSv1.2 servers. If those servers are equipped with a sha256WithRsaEncryption server cert, the handshake results are: - TLSv1.0 for SSLv3 ClientHello w/ client_version = (3,1) - TLSv1.1 for SSLv3 ClientHello w/ client_version = (3,2) - TLSv1.1 for SSL VERSION 2 CLIENT-HELLO offering (3,3) - chokes and drops network connection for SSLv3 ClientHello w/ client_version = (3,3) i.e. there exists a serious interop problem for TLSv1.2 with such servers, but there is no problem interoperating with TLSv1.0 or TLSv1.1 -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls