On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote:
> I think that the wording I would prefer would be along the lines of
> A server MUST NOT error on the value of the extension when a higher
> TLS version is requested. The server MUST use the minimum of the
> requested value and the maximum value for the TLS version negotiated.
> A server MAY error if a the value of the extension is exceeded for
> the version of TLS requested.
You need to consider the case where there is some unknown-to-server
extension that happens to alter the limit.
TLS mailing list