On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos > > <n...@redhat.com> wrote:> > > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote: > >> 2% is actually pretty good, but I agree that we're going to need > >> fallback. > > > > Please not. Lets let these fallbacks die. Not every client is a > > browser. TLS 1.3 must be a protocol which doesn't require hacks to > > operate. CBC was removed, lets do the same for insecure fallbacks. > > Not every client is a browser, but some are. So what does the browser > do when a server resets the connection after seeing the ClientHello? > > Blank screen with a failure message?
fallback to check if the connection failure is caused by TLSv1.3, and if it is, display error message and put the blame squarely on the server -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
