On Mon, Apr 09, 2018 at 10:16:06PM +0100, Joseph Birr-Pixton wrote:
> Hello,
>
> PR#1163 in draft-26 seems to have broken interop with previous drafts
> with a variety of deployed implementations. draft-26 and later clients
> fail with a protocol_version alert.
>
> Affected Internet servers include:
>
> cloudflare.com: offers draft-23, intolerant to draft-26
> www.apple.com: seemingly unwilling to negotiate any draft, but
> intolerant anyway(?)
> www.microsoft.com: same
> google.com: same
>
> https://jbp.io/assets/tls13-logs/cloudflare.broken.txt
> https://jbp.io/assets/tls13-logs/apple.broken.txt
> https://jbp.io/assets/tls13-logs/microsoft.broken.txt
> https://jbp.io/assets/tls13-logs/google.broken.txt
>
> In all these cases, offering TLS1.2 in supported_versions (ie, the
> pre-draft-26 behaviour) works, and TLS1.2 is negotiated:
>
> https://jbp.io/assets/tls13-logs/cloudflare.works.txt
> https://jbp.io/assets/tls13-logs/apple.works.txt
> https://jbp.io/assets/tls13-logs/microsoft.works.txt
> https://jbp.io/assets/tls13-logs/google.works.txt
>
> Corroboration appreciated. It's totally possible I'm doing something stupid
> :)

It is not expected for draft-NN to interoperate with draft-YY, but
implementations thereof that also support TLS 1.2 should be able to
negotiate TLS 1.2. So depending on what you mean by "intolerant",
there may be nothing to see here.

-Ben

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
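
The negotiation outcomes discussed in this thread can be modelled with a small server-side version selector. This is an added example, not code from the thread or from any implementation named in it; it assumes the server follows the RFC 8446 section 4.2.1 rule (when supported_versions is present, select only from it and ignore legacy_version), and the function names and the server's version list are hypothetical.

```python
import struct

TLS12 = 0x0303
ALERT_PROTOCOL_VERSION = 70  # AlertDescription.protocol_version

def draft(n):
    """Wire codepoint used by TLS 1.3 draft-n implementations."""
    return 0x7F00 | n

def encode_supported_versions(versions):
    """ClientHello form: 1-byte list length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return struct.pack("!B", len(body)) + body

def parse_supported_versions(data):
    """Strict parse of the ClientHello extension body."""
    if len(data) < 3 or data[0] != len(data) - 1 or data[0] % 2:
        raise ValueError("malformed supported_versions")
    return [struct.unpack_from("!H", data, i)[0] for i in range(1, len(data), 2)]

def select_version(server_versions, legacy_version, sv_ext=None):
    """Return ("version", v) or ("alert", code); server preference order."""
    if sv_ext is not None:
        # Extension present: legacy_version is ignored, unknown values skipped.
        offered = set(parse_supported_versions(sv_ext))
        candidates = [v for v in server_versions if v in offered]
    else:
        # No extension: classic negotiation, capped at TLS 1.2.
        candidates = [v for v in server_versions if v <= min(legacy_version, TLS12)]
    if candidates:
        return ("version", candidates[0])
    return ("alert", ALERT_PROTOCOL_VERSION)

# Constructed scenario: server speaks draft-23 and TLS 1.2, client speaks draft-26.
SERVER = [draft(23), TLS12]
DRAFT26_ONLY = encode_supported_versions([draft(26)])
DRAFT26_AND_TLS12 = encode_supported_versions([draft(26), TLS12])

if __name__ == "__main__":
    for label, ext in [("draft-26 only", DRAFT26_ONLY),
                       ("draft-26 + TLS 1.2", DRAFT26_AND_TLS12),
                       ("no extension", None)]:
        print(label, select_version(SERVER, TLS12, ext))
```

Under this model a draft-26-only offer has no version in common with a draft-23 server and ends in a protocol_version alert, while the same ClientHello with 0x0303 added to supported_versions negotiates TLS 1.2.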