On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir <ynir.i...@gmail.com> wrote: > > > On 7 Jun 2016, at 8:33 PM, Hubert Kario <hka...@redhat.com> wrote: > > > > On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote: > >> I’m not sure this helps. > >> > >> I’ve never installed a server that is version intolerant. TLS stacks > >> from OpenSSL, Microsoft, > > > > are you sure about that Microsoft part? > > > > there is quite a long thread on the filezilla forums about TLS version > > tolerance in IIS: > > https://forum.filezilla-project.org/viewtopic.php?f=2&t=27898 > > That’s surprising. > > The last time I tested with an IIS servers it was Windows Server 2003 and > 2008. They did not support TLS 1.2, so I wanted to check if they could > tolerate a TLS 1.2 ClientHello. They did. Of course, they replied with TLS > 1.0, but that was expected. > > It’s strange that this behavior would degrade for much newer versions of > Windows that came out at a time where several browsers were already > offering TLS 1.2. I wonder if it’s just the FTP or also IIS. >
This is the first I've heard of this and I believe neither Chrome nor Firefox accept TLS 1.2 intolerance and below anymore. To my knowledge, that has successfully been driven out of the ecosystem. David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
