On Sat, Nov 19, 2016 at 02:41:04AM +0000, Peter Gutmann wrote:
> Replying to several messages at once to save space:
> 
> Ilari Liusvaara:
> 
> >One can downnegotiate TLS 1.3 to TLS 1.2.
> 
> Ah, you're obviously a fan of Steve Wozniak humour.  When someone asked him
> whether it was possible to upgrade from an Apple II+ to an Apple IIe, he
> similarly said "yes, you unplug the power cable from the II+, throw it away,
> and plug the IIe into the newly-vacated power cable".

Nope, I was referring to the very technical property that if client sends
a TLS 1.3 handshake, a TLS 1.2 server can still successfully interop,
provided that the client does TLS 1.2 too (which I think every TLS client
known to support TLS 1.3 except Picotls does).

The last major version bump, SSLv2->SSLv3, this was NOT true. SSLv2
server would barf upon receiving SSLv3 client hello (TLS 1.0 was
clearly "SSL v3.1" internally).

And folks could think that kind of downnegotiation wasn't the case
given major version bump. Such would cause confusion much much worse
than confusing the ordering of TLS and SSL versions.


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
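
The interop property described in the message above, as an added example that is not part of the original email: a TLS 1.2 server reads a TLS 1.3 ClientHello, skips the extension it does not know, and settles on 1.2. It assumes the RFC 8446 mechanism (legacy_version fixed at 0x0303 plus the supported_versions extension, type 43); all function names are hypothetical and the ClientHello bytes are constructed.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446, section 4.2.1

def build_client_hello(legacy_version, versions):
    """Constructed ClientHello body (no record or handshake header)."""
    body = struct.pack("!H", legacy_version) + bytes(32)   # version + random
    body += b"\x00"                                        # empty session id
    suites = struct.pack("!HH", 0x1301, 0xC02F)            # one 1.3, one 1.2 suite
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                    # null compression only
    lst = b"".join(struct.pack("!H", v) for v in versions)
    data = bytes([len(lst)]) + lst
    exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    return body + struct.pack("!H", len(exts)) + exts

def parse_client_hello(body):
    """Return (legacy_version, {extension_type: extension_data})."""
    legacy_version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32
    pos += 1 + body[pos]                                   # skip session id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]      # skip cipher suites
    pos += 1 + body[pos]                                   # skip compression
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    exts = {}
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return legacy_version, exts

def server_select(body, server_max, knows_supported_versions):
    """Version the server would put in its ServerHello, or None."""
    legacy_version, exts = parse_client_hello(body)
    if knows_supported_versions and EXT_SUPPORTED_VERSIONS in exts:
        data = exts[EXT_SUPPORTED_VERSIONS]
        offered = [struct.unpack_from("!H", data, i)[0]
                   for i in range(1, 1 + data[0], 2)]
        usable = [v for v in offered if v <= server_max]
        return max(usable) if usable else None
    # TLS 1.2-era server: the unknown extension is ignored and only
    # legacy_version (0x0303 in a TLS 1.3 hello) is considered.
    return min(legacy_version, server_max)

def client_accepts(selected, client_versions):
    """The handshake completes only if the client also speaks the chosen version."""
    return selected in client_versions
```

A client that offers only TLS 1.3 still gets a well-formed TLS 1.2 answer from the old server; the handshake fails on the client side, which is the "provided that the client does TLS 1.2 too" condition.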
