A few supported_versions questions:

1) What should a server do if supported_versions is received but ClientHello.legacy_version != TLS1.2? Fail the handshake, or just ignore legacy_version?

2) What should a server do if supported_versions is received, ClientHello.legacy_version == TLS1.2, but supported_versions does not contain TLS1.3 or TLS1.2 (e.g. it contains TLS1.1 or below)? Fail the handshake, use the legacy_version, or use the versions in supported_versions?

3) If the answer to (2) above is to ignore the legacy_version, and just use the versions in supported_versions, which client_version should be used in the RSA pre-master secret calculation? The one in legacy_version, or the highest one in supported_versions? Presumably it has to be the one in legacy_version, otherwise things will fail when the client talks to a server that doesn't understand supported_versions?

Matt