On Mon, Apr 9, 2018 at 2:16 PM, Joseph Birr-Pixton <jpix...@gmail.com>

> Hello,
> PR#1163 in draft-26 seems to have broken interop with previous drafts
> with a variety of deployed implementations. draft-26 and later clients
> fail with a protocol_version alert.
> Affected Internet servers include:
> cloudflare.com: offers draft-23, intolerant to draft-26
> www.apple.com: seemingly unwilling to negotiate any draft, but
> intolerant anyway(?)
> www.microsoft.com: same
> google.com: same
> https://jbp.io/assets/tls13-logs/cloudflare.broken.txt
> https://jbp.io/assets/tls13-logs/apple.broken.txt
> https://jbp.io/assets/tls13-logs/microsoft.broken.txt
> https://jbp.io/assets/tls13-logs/google.broken.txt
> In all these cases, offering TLS1.2 in supported_versions (ie, the
> pre-draft-26 behaviour) works, and TLS1.2 is negotiated:

You're just sending supported_versions = {0x7f1a}, but that's not
correct. You need to send {0x7f1a, 0x0303}:


   The "supported_versions" extension is used by the client to indicate
   which versions of TLS it supports and by the server to indicate which
   version it is using.  The extension contains a list of supported
   versions in preference order, with the most preferred version first.
   Implementations of this specification MUST send this extension in the
   ClientHello containing all versions of TLS which they are prepared to
   negotiate (for this specification, that means minimally 0x0304, but
   if previous versions of TLS are allowed to be negotiated, they MUST
   be present as well).


So what's happening here is the any server which knows about TLS 1.3
is getting a version mismatch.

PR#1163 was just about what the server sends.


> https://jbp.io/assets/tls13-logs/cloudflare.works.txt
> https://jbp.io/assets/tls13-logs/apple.works.txt
> https://jbp.io/assets/tls13-logs/microsoft.works.txt
> https://jbp.io/assets/tls13-logs/google.works.txt
> Corroboration appreciated.  It's totally possible I'm doing something
> stupid :)
> Thanks,
> Joe
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
TLS mailing list

Reply via email to