On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote:
> Martin,
> I think that the wording I would prefer would be along the lines of 
> A server MUST NOT error on the value of the extension when a higher
> TLS version is requested.  The server MUST use the minimum of the
> requested value and the maximum value for the TLS version negotiated.
> A server MAY error if a the value of the extension is exceeded for
> the version of TLS requested.

You need to consider the case where there is some unknown-to-server
extension that happens to alter the limit.


TLS mailing list

Reply via email to