On 09/08/18 13:56, Peter Gutmann wrote:
> Eric Rescorla <e...@rtfm.com> writes:
>
>> So if the server wants TLS 1.1, then it doesn't set the bytes.
>
> If that's the case then the text that says:
>
>   If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2
>   servers SHOULD set the last eight bytes of their Random value ...
>
> needs to be fixed, because as far as I can tell that's saying that if the
> server wants TLS 1.1 then it has to set the bytes, not that it doesn't set the
> bytes.
>
> Here's an example of where this causes problems. A TLS 1.2 client connects to
> the server. The server, a TLS 1.2 server, is configured to use TLS 1.1, so it
> responds with the signalling bytes in its random value.

That's not the way I read it. If a server is configured to use TLSv1.1
then it's not a TLSv1.3 server and this text doesn't apply (regardless of
whether the binary could do TLSv1.3 if it was configured differently).

Matt

> The client is now
> required to abort the handshake even though everything is running as it
> should.
>
> Peter.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
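
The two readings discussed in this thread, as an added example that is not part of either message or of any TLS implementation. The sentinel byte values come from RFC 8446 Section 4.1.3 (the quoted text elides them); the function names and the `sentinel_max` parameter are hypothetical.

```python
import os

# Sentinel values from RFC 8446 Section 4.1.3 (not quoted in the thread).
DOWNGRADE_TLS12 = b"DOWNGRD\x01"  # set when negotiating TLS 1.2
DOWNGRADE_TLS11 = b"DOWNGRD\x00"  # set when negotiating TLS 1.1 or below

# Protocol version numbers as they appear on the wire.
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304


def server_random(sentinel_max, negotiated):
    """Build a 32-byte ServerHello.random.

    sentinel_max (hypothetical name) is the version the server treats itself
    as for this rule: the point on which the two readings differ.
    """
    rnd = bytearray(os.urandom(32))
    if sentinel_max >= TLS13 and negotiated == TLS12:
        rnd[24:] = DOWNGRADE_TLS12
    elif sentinel_max >= TLS12 and negotiated <= TLS11:
        # MUST for TLS 1.3 servers, SHOULD for TLS 1.2 servers.
        rnd[24:] = DOWNGRADE_TLS11
    return bytes(rnd)


def client_accepts(client_max, negotiated, rnd):
    """Client-side sentinel check; False means abort the handshake."""
    tail = rnd[24:]
    if client_max >= TLS13 and negotiated <= TLS12:
        return tail not in (DOWNGRADE_TLS12, DOWNGRADE_TLS11)  # MUST check
    if client_max == TLS12 and negotiated <= TLS11:
        return tail != DOWNGRADE_TLS11                         # SHOULD check
    return True


def scenario(client_max, negotiated, sentinel_max):
    """Run one ServerHello through the client check."""
    return client_accepts(client_max, negotiated,
                          server_random(sentinel_max, negotiated))


if __name__ == "__main__":
    # Reading 1: a 1.2-capable binary configured for 1.1 still sets the bytes.
    print("capability decides:", scenario(TLS12, TLS11, sentinel_max=TLS12))
    # Reading 2: configured for 1.1 means it is a TLS 1.1 server; no bytes set.
    print("configuration decides:", scenario(TLS12, TLS11, sentinel_max=TLS11))
```

Under the first reading the client sees exactly the bytes it would see in a real forced downgrade between two TLS 1.2 endpoints, so it cannot tell the configured case from an attack.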