Eric Rescorla <e...@rtfm.com> writes:

>So if the server wants TLS 1.1, then it doesn't set the bytes.

If that's the case then the text that says:

  If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2 servers
  SHOULD set the last eight bytes of their Random value ...

needs to be fixed, because as far as I can tell that's saying that if the server wants TLS 1.1 then it has to set the bytes, not that it doesn't set the bytes.

Here's an example of where this causes problems. A TLS 1.2 client connects to the server. The server, a TLS 1.2 server, is configured to use TLS 1.1, so it responds with the signalling bytes in its random value. The client is now required to abort the handshake even though everything is running as it should.

Peter.