On Thu, Jul 21, 2016 at 10:19:34AM +0000, David Benjamin wrote:
> On Wed, Jul 20, 2016 at 5:43 PM Benjamin Kaduk <bka...@akamai.com> wrote:
>
> > On 07/20/2016 05:01 AM, Hanno Böck wrote:
> > > On Wed, 20 Jul 2016 11:20:46 +0200
> > > Hubert Kario <hka...@redhat.com> wrote:
> > >
> And as Hubert notes, there may well be other intolerance triggers to clear
> through. 1.3 has a larger ClientHello. We have also never added a new
> signature algorithm before. But I think that just means we have more rusted
> protocol joints to fix rather than just the one.

Could be useful to scan for SignatureScheme. I think the most worthwhile
6 to scan would be:

0x0003 (ECDSA-NONE in TLS 1.2)
0x0004 (UNKNOWN4-NONE in TLS 1.2)
0x0404 (UNKNOWN4-SHA256 in TLS 1.2)
0x0700 (ANON-UNKNOWN7 in TLS 1.2)
0x0703 (ECDSA-UNKNOWN7 in TLS 1.2)
0x0704 (UNKNOWN4-UNKNOWN7 in TLS 1.2)

And then see how many servers do anything retarded with these...

-Ilari
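The following is an added example, not part of the message above: it decodes the six listed code points the way a TLS 1.2 stack reads them (hash byte, then signature byte, per RFC 5246) and shows the tolerant server behaviour such a scan would be checking for, namely skipping unrecognised values in `signature_algorithms` instead of failing the handshake. All function names are hypothetical, and the extension bytes are constructed sample input.

```python
import struct

# TLS 1.2 registries (RFC 5246): first byte = HashAlgorithm, second = SignatureAlgorithm.
HASHES = {0: "NONE", 1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIGS = {0: "ANON", 1: "RSA", 2: "DSA", 3: "ECDSA"}
PROBES = [0x0003, 0x0004, 0x0404, 0x0700, 0x0703, 0x0704]  # values listed in the message
SIGALGS_EXT = 13  # signature_algorithms extension type

def tls12_label(code):
    """Name a 16-bit code point as SIG-HASH, the order used in the message."""
    h, s = code >> 8, code & 0xFF
    return f"{SIGS.get(s, f'UNKNOWN{s}')}-{HASHES.get(h, f'UNKNOWN{h}')}"

def encode_sigalgs(codes):
    """Wire form: type(2) | ext_len(2) | list_len(2) | 2 bytes per code point."""
    body = b"".join(struct.pack("!H", c) for c in codes)
    data = struct.pack("!H", len(body)) + body
    return struct.pack("!HH", SIGALGS_EXT, len(data)) + data

def parse_sigalgs(ext):
    """Strict on framing (lengths must agree), neutral on the values themselves."""
    if len(ext) < 6:
        raise ValueError("truncated extension")
    etype, elen, llen = struct.unpack("!HHH", ext[:6])
    body = ext[6:]
    if etype != SIGALGS_EXT or elen != len(ext) - 4 or llen != len(body):
        raise ValueError("malformed signature_algorithms framing")
    if llen == 0 or llen % 2:
        raise ValueError("list must be a non-empty run of 2-byte entries")
    return [c for (c,) in struct.iter_unpack("!H", body)]

def select(ext, supported):
    """Tolerant selection: ignore unknown code points, pick the first supported one."""
    for code in parse_sigalgs(ext):
        if code in supported:
            return code
    return None  # no overlap: only now may the server refuse or fall back

if __name__ == "__main__":
    server_supports = {0x0401, 0x0403}  # constructed: RSA-SHA256, ECDSA-SHA256
    for probe in PROBES:
        ext = encode_sigalgs([probe, 0x0401])  # probe value first, known value second
        print(f"0x{probe:04x} {tls12_label(probe):18} -> 0x{select(ext, server_supports):04x}")
```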