On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote: > Martin, > > I think that the wording I would prefer would be along the lines of > > A server MUST NOT error on the value of the extension when a higher > TLS version is requested. The server MUST use the minimum of the > requested value and the maximum value for the TLS version negotiated. > A server MAY error if a the value of the extension is exceeded for > the version of TLS requested.
You need to consider the case where there is some unknown-to-server extension that happens to alter the limit. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls