David Benjamin writes:
>The operators themselves are probably not in a position to either implement
>supported_versions or not in TLS 1.2. If an operator, for whatever reason,
>only has a TLS 1.2 implementation on hand, it presumably predates TLS 1.3 and
>thus does not implement supported_version
* So, yes, I'd agree there's not much benefit to recommend that a
TLS-1.2-only implementation add supported_versions, or that an operator look
for such an implementation. Any implementation-gated effort is better spent
getting to TLS 1.3.
I agree that if you have supported_versions then y
The operators themselves are probably not in a position to either implement
supported_versions or not in TLS 1.2. If an operator, for whatever reason,
only has a TLS 1.2 implementation on hand, it presumably predates TLS 1.3
and thus does not implement supported_versions. If it implements
supported
Thanks for the feedback Ben and David.
It could be valid to populate both if the client wishes to offer both
a TLS 1.2 session and a (different!) TLS 1.3 session.
Agreed. This works for cases when a client connects to a server endpoint
that has a mix of TLS1.2 and TLS1.3 servers. The client
On 11/16/21 8:42 AM, Hanno Böck wrote:
On Tue, 16 Nov 2021 08:36:31 -0700
Peter Saint-Andre wrote:
By our reading, it doesn't make any difference to a TLS 1.2
implementation whether it sends or receives the "supported_versions"
extension. Corrections welcome, of course! If this is the case, we
On Tue, 16 Nov 2021 08:36:31 -0700
Peter Saint-Andre wrote:
> By our reading, it doesn't make any difference to a TLS 1.2
> implementation whether it sends or receives the "supported_versions"
> extension. Corrections welcome, of course! If this is the case, we'd
> prefer not to recommend that
While working on rfc7525bis [1], we've been pondering [2] whether to
recommend the "supported_versions" extension for TLS 1.2 (not TLS 1.3)
implementations. RFC 8446 states:
- The "supported_versions" ClientHello extension can be used to
negotiate the version of TLS to use, in prefere