On Tue, 10 Jan 2023 20:16:02 GMT, Matthew Donovan <d...@openjdk.org> wrote:

> > This update will introduce version negotiation issues. Per TLS spec, 
> > version 105.106 should be allowed and the version could be negotiated 
> > properly. When TLS 1.4 is defined later in the future, the code update here 
> > will cause serious compatibility issues. This has been a well-known issue 
> > in some implementations.
> 
> I'm not sure what you mean here. Can you point me towards the spec that 
> you're referring to?
> 
Please refer to ["Appendix E.  Backward 
Compatibility"](https://www.rfc-editor.org/rfc/rfc5246#appendix-E) of RFC 5246. 
Let's see an example: suppose TLS 1.4 is defined. If the server is only able to 
accept TLS 1.3 and the client is using the TLS 1.4 format, the connection cannot be 
established. But TLS 1.3 should be negotiated.

BTW, this field has been deprecated and "MUST be ignored for all purposes" 
since TLS 1.3 (see RFC 8446).

> If we need to support later, currently undefined, versions then is 
> IllegalRecordVersion a valid test?

That's a good question. It may be worthy of further evaluation, and the test 
case could be removed if it is not valid.

-------------

PR: https://git.openjdk.org/jdk/pull/11929
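
The compatibility concern raised in the message above, shown as an added example (not code from the thread or from OpenJDK): a server that only accepts version offers it implements rejects a newer client, while one that follows the RFC 5246 Appendix E.1 rule answers with its own highest version. The class and method names are hypothetical, `0x0305` is a made-up code point standing in for "TLS 1.4", and the record bytes are constructed.

```java
import java.util.OptionalInt;

public class VersionNegotiationDemo {
    // (major << 8) | minor. 0x0305 is a made-up stand-in for "TLS 1.4";
    // no such version is defined.
    static final int TLS12 = 0x0303, TLS13 = 0x0304, HYPOTHETICAL_TLS14 = 0x0305;

    // Reads ClientHello.client_version from one record. The record-layer
    // version in bytes 1-2 is deliberately not inspected.
    static int clientVersion(byte[] rec) {
        if (rec.length < 11 || rec[0] != 22 || rec[5] != 1) {
            throw new IllegalArgumentException("not a ClientHello record");
        }
        return ((rec[9] & 0xFF) << 8) | (rec[10] & 0xFF);
    }

    // Strict: accept only an offer the server itself implements.
    static OptionalInt negotiateStrict(int offer, int[] supported) {
        for (int v : supported) if (v == offer) return OptionalInt.of(v);
        return OptionalInt.empty();
    }

    // Tolerant: highest supported version that does not exceed the offer.
    static OptionalInt negotiateTolerant(int offer, int[] supported) {
        int best = -1;
        for (int v : supported) if (v <= offer && v > best) best = v;
        return best < 0 ? OptionalInt.empty() : OptionalInt.of(best);
    }

    static String show(OptionalInt v) {
        return v.isPresent() ? String.format("0x%04X", v.getAsInt()) : "rejected";
    }

    public static void main(String[] args) {
        int[] server = {TLS12, TLS13};
        // Constructed record prefix: handshake (22), record version 105.106,
        // record length 6, ClientHello (1), 3-byte length 2, client_version 0x0305.
        byte[] rec = {22, 105, 106, 0, 6, 1, 0, 0, 2, 0x03, 0x05};
        int offer = clientVersion(rec);
        System.out.printf("offer=0x%04X strict=%s tolerant=%s%n", offer,
                show(negotiateStrict(offer, server)),
                show(negotiateTolerant(offer, server)));
    }
}
```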
