Viktor Dukhovni wrote:
> Andrei Popov wrote:
>>
>> Would it make sense for an opportunistic client to advertise all algorithms
>> commonly supported in the server certs? After all, there are relatively
>> few signature/hash pairs in use, and they are changing very slowly over
>> time.
>
> This does not work when new algorithms are introduced, since you
> can't advertise algorithms you don't know exist.
Pretty much *ALL* TLS implementations in the installed base implement TLSv1.1 _and_ do the right thing when negotiating a server certificate for a client that proposes at most TLSv1.1. So if the TLSv1.2 server certificate selection fails, just do the TLSv1.1 server certificate selection. It is really that easy, and produces a very backwards-compatible behaviour that will be highly appreciated by all TLS clients, users and helpdesks.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
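The selection logic Martin sketches, written out as an added example (not code from the thread or from any TLS implementation): the server first applies the TLSv1.2 rule, matching the hash/signature pair on each configured certificate against the client's signature_algorithms extension, and when nothing matches it falls back to the TLSv1.1 behaviour of sending the configured default certificate instead of aborting. The `Cert` type, `select_certificate`, the assumption that `certs[0]` is the certificate a TLSv1.1 server would present, and the sample certificates and extension bytes are all constructed for the illustration; the codepoints are the RFC 5246 `HashAlgorithm`/`SignatureAlgorithm` values.

```python
"""Server-side certificate selection with the fallback proposed in the
message above: try the TLS 1.2 signature_algorithms rule first and, if no
configured certificate satisfies it, select as a TLS 1.1 server would.
Added example, not code from the thread or from any TLS implementation."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# (HashAlgorithm, SignatureAlgorithm) codepoint pair, RFC 5246 section 7.4.1.4.1
SigAlg = Tuple[int, int]

HASH = {"sha1": 2, "sha256": 4, "sha384": 5, "sha512": 6}
SIG = {"rsa": 1, "dsa": 2, "ecdsa": 3}


@dataclass(frozen=True)
class Cert:
    name: str            # label only; a real stack would hold the DER chain
    signed_with: SigAlg  # hash/signature pair the issuer used on this cert


def parse_signature_algorithms(body: bytes) -> List[SigAlg]:
    """Parse the body of a signature_algorithms extension: a 2-byte length
    followed by that many bytes of (hash, signature) pairs (RFC 5246)."""
    if len(body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    n = int.from_bytes(body[:2], "big")
    if n == 0 or n % 2 or len(body) != 2 + n:
        raise ValueError("bad signature_algorithms length %d" % n)
    pairs = body[2:]
    return [(pairs[i], pairs[i + 1]) for i in range(0, n, 2)]


def select_certificate(certs: Sequence[Cert],
                       client_sigalgs: Optional[Sequence[SigAlg]],
                       strict: bool = False) -> Optional[Cert]:
    """Pick the certificate to send in the server Certificate message.

    Assumption: certs[0] is the certificate a TLS 1.1 server would present
    (the configured default). client_sigalgs is None when the ClientHello
    carried no signature_algorithms extension (a pre-1.2 client).
    """
    tls11_choice = certs[0]
    if client_sigalgs is None:
        # Pre-1.2 client: nothing to match against, TLS 1.1 selection.
        return tls11_choice
    offered = set(client_sigalgs)
    for cert in certs:
        if cert.signed_with in offered:
            return cert  # TLS 1.2 selection succeeded
    if strict:
        # RFC 5246 wording: all server certificates MUST be signed with a
        # pair from the extension; a strict server aborts the handshake.
        return None
    # The fallback proposed in the thread: behave as for a TLS 1.1 client.
    return tls11_choice


# Constructed sample data (not from the thread): two certificates, neither
# signed with SHA-256, and a ClientHello extension offering only SHA-256.
SAMPLE_CERTS = [
    Cert("rsa-sha512", (HASH["sha512"], SIG["rsa"])),
    Cert("ecdsa-sha384", (HASH["sha384"], SIG["ecdsa"])),
]
SAMPLE_EXTENSION = b"\x00\x04" + b"\x04\x01" + b"\x04\x03"  # sha256/rsa, sha256/ecdsa


if __name__ == "__main__":
    offered = parse_signature_algorithms(SAMPLE_EXTENSION)
    strict = select_certificate(SAMPLE_CERTS, offered, strict=True)
    lenient = select_certificate(SAMPLE_CERTS, offered)
    print("client offers:", offered)
    print("strict TLS 1.2 selection:", strict.name if strict else "handshake_failure")
    print("with TLS 1.1 fallback:", lenient.name)
    print("TLS 1.1 client:", select_certificate(SAMPLE_CERTS, None).name)
```

With the sample data the strict path returns nothing (a handshake_failure in a real server), while the fallback path hands the SHA-256-only client the SHA-512-signed default, which is exactly what that client would have received from a TLSv1.1 server. A real stack would additionally filter certificates by the key type the negotiated cipher suite requires; that step is omitted here because it is the same in both selection modes.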