On Mon, Jul 13, 2015 at 9:28 AM, Ilari Liusvaara < ilari.liusva...@elisanet.fi> wrote:
> On Mon, Jul 13, 2015 at 06:10:52PM +0200, Martin Rex wrote:
> > Dave Garrett wrote:
> > > On Monday, July 13, 2015 10:30:06 am Martin Rex wrote:
> > >> Section 7.4.1.4 Hello Extensions and its subsections are clearly
> > >> IRRELEVANT for a client that does not use Hello Extensions.
> > >
> > > If you want to put it that way, sure, however they are NOT irrelevant
> > > for a _server_ that does use hello extensions. This is a direct part
> > > of the TLS 1.2 spec,
> >
> > That particular MUST in 7.4.1.4.1 is *VOID* because it is incompatible with
> > rfc2119 section 6. As it can be easily verified, the behaviour
> > described in rfc5246 is detrimental to interoperability and security.
>
> I don't see such conflict (except with TLS 1.0/1.1 client with TLS 1.2
> server). The scenarios where that sort of behaviour would cause actual
> interop trouble (meaning it could have worked otherwise, assuming non-buggy
> client/server) are:
>
> - TLS 1.0/1.1 client (ClientVersion 3.1 or 3.2) connecting to TLS 1.2
> server. Or
>

Hmm... TLS 1.2 servers shouldn't be following this section if the client is claiming to be TLS 1.0 or 1.1. I don't think that this section says that you should (since in that case the TLS 1.1 or TLS 1.0 spec would control) but in any case, it shouldn't say that and I never interpreted it that way.

-Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
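The server-side decision the thread is arguing about, as an added illustration (this is not code from any poster or from any TLS implementation): a minimal ClientHello parser that pulls out client_version and the signature_algorithms extension (type 13), and a policy function that applies the RFC 5246 section 7.4.1.4.1 defaults only when the negotiated version is actually TLS 1.2. For a ClientVersion of 3.1 or 3.2 the negotiated protocol is TLS 1.0/1.1, so the fixed signature construction of those specs (MD5||SHA-1 for RSA, SHA-1 for DSA/ECDSA) governs and the extension rule is never consulted, which is the reading Ekr gives above. The key-exchange name is passed in by the caller (assumed to have been chosen already), and the sample ClientHello bodies are constructed inline.

```python
import struct
from typing import List, Optional, Tuple

# RFC 5246 section 7.4.1.4.1 code points for HashAlgorithm / SignatureAlgorithm
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 13
VERSION_NAMES = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Signature algorithm implied by each key exchange (the three default bullets in 7.4.1.4.1)
KX_SIGNATURE = {
    "RSA": "rsa", "DHE_RSA": "rsa", "DH_RSA": "rsa", "RSA_PSK": "rsa",
    "ECDH_RSA": "rsa", "ECDHE_RSA": "rsa",
    "DHE_DSS": "dsa", "DH_DSS": "dsa",
    "ECDH_ECDSA": "ecdsa", "ECDHE_ECDSA": "ecdsa",
}

SigAlgs = Optional[List[Tuple[str, str]]]


def parse_client_hello(body: bytes) -> Tuple[Tuple[int, int], SigAlgs]:
    """Return (client_version, signature_algorithms list or None) from a ClientHello
    body (handshake message body, without the 4-byte handshake header)."""
    version = (body[0], body[1])
    off = 2 + 32                                   # skip client_version and random
    off += 1 + body[off]                           # session_id
    (cs_len,) = struct.unpack("!H", body[off:off + 2])
    off += 2 + cs_len                              # cipher_suites
    off += 1 + body[off]                           # compression_methods
    if off == len(body):
        return version, None                       # no extensions block at all
    (ext_total,) = struct.unpack("!H", body[off:off + 2])
    off += 2
    end = off + ext_total
    sig_algs: SigAlgs = None
    while off < end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        data = body[off:off + elen]
        off += elen
        if etype == EXT_SIGNATURE_ALGORITHMS:
            (n,) = struct.unpack("!H", data[:2])
            pairs = data[2:2 + n]
            sig_algs = [(HASH_NAMES.get(pairs[i], f"hash{pairs[i]}"),
                         SIG_NAMES.get(pairs[i + 1], f"sig{pairs[i + 1]}"))
                        for i in range(0, len(pairs), 2)]
    return version, sig_algs


def server_signature_policy(client_version: Tuple[int, int], sig_algs: SigAlgs,
                            kx: str, server_max: Tuple[int, int] = (3, 3)):
    """Decide which (hash, signature) pairs the server may sign with."""
    negotiated = min(client_version, server_max)
    sig = KX_SIGNATURE[kx]
    if negotiated < (3, 3):
        # TLS 1.0/1.1 negotiated: RFC 2246/4346 fix the construction, so the
        # signature_algorithms defaults of RFC 5246 are out of scope here.
        legacy = "md5+sha1" if sig == "rsa" else "sha1"
        return VERSION_NAMES[negotiated], [(legacy, sig)]
    if sig_algs is None:
        # TLS 1.2 client that omitted the extension: behave as if it sent {sha1, <kx sig>}
        return "TLS 1.2", [("sha1", sig)]
    # Extension present: only pairs matching the key exchange's signature algorithm are usable
    return "TLS 1.2", [(h, s) for h, s in sig_algs if s == sig]


def decide_from_client_hello(body: bytes, kx: str):
    version, sig_algs = parse_client_hello(body)
    return server_signature_policy(version, sig_algs, kx)


def build_client_hello(version: Tuple[int, int],
                       sig_algs: Optional[List[Tuple[int, int]]] = None) -> bytes:
    """Constructed sample ClientHello body: one cipher suite, null compression,
    and optionally a signature_algorithms extension carrying the given code points."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"        # version, random, empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"            # cipher_suites: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                                    # compression_methods: null
    if sig_algs is not None:
        pairs = b"".join(bytes([h, s]) for h, s in sig_algs)
        ext = struct.pack("!H", len(pairs)) + pairs
        exts = struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(ext)) + ext
        body += struct.pack("!H", len(exts)) + exts
    return body


if __name__ == "__main__":
    legacy_hello = build_client_hello((3, 1))                      # TLS 1.0 client, no extensions
    modern_hello = build_client_hello((3, 3), [(4, 1), (2, 1)])    # TLS 1.2: sha256/rsa, sha1/rsa
    print(decide_from_client_hello(legacy_hello, "ECDHE_RSA"))
    print(decide_from_client_hello(build_client_hello((3, 3)), "DHE_DSS"))
    print(decide_from_client_hello(modern_hello, "ECDHE_RSA"))
```

The version check is deliberately on the negotiated version, not on the mere absence of the extension: a 3.1 or 3.2 ClientHello never reaches the default table, which is the distinction the reply draws between "client does not use Hello Extensions" and "TLS 1.2 client that happens to omit this one".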