On Thursday 22 October 2015 14:49:47 Bill Frantz wrote:
> On 10/23/15 at 2:02 PM, ynir.i...@gmail.com (Yoav Nir) wrote:
> >That is true only if your application’s client component and
> >server component are using the same library. That is not
> >guaranteed in a protocol. Specifically that is not the case
> >with the web.
> >
> >There are some version intolerant servers out there that will
> >choke on seeing a TLS 1.3 ClientHello. If the client uses some
> >library (like OpenSSL) and you upgrade to OpenSSL 1.2.0 that
> >has TLS 1.3, all of a sudden your application is broken. On
> >the web this means that some websites don’t work.
> 
> This incompatibility cuts both ways. Another way of looking at
> it is that all of a sudden your website has lost viewers and you
> should fix your problem. Perhaps I am unusual, but if I go to a
> website that doesn't work, I usually conclude that I don't need
> to see that web site. My problem is too little time, meaning I
> don't want to bleep with things that don't work, not extra time
> to futz with different browsers to get things working.

Until you have to get a refund on a $500 purchase through such a broken
web server...

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
