> On Aug 9, 2018, at 9:02 AM, Matt Caswell <m...@openssl.org> wrote:
>
>
>
> On 09/08/18 13:56, Peter Gutmann wrote:
>> Eric Rescorla <e...@rtfm.com> writes:
>>
>>> So if the server wants TLS 1.1, then it doesn't set the bytes.
>>
>> If that's the case then the text that says:
>>
>>   If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2
>>   servers SHOULD set the last eight bytes of their Random value ...
>>
>> needs to be fixed, because as far as I can tell that's saying that if the
>> server wants TLS 1.1 then it has to set the bytes, not that it doesn't set
>> the bytes.
>>
>> Here's an example of where this causes problems. A TLS 1.2 client connects
>> to the server. The server, a TLS 1.2 server, is configured to use TLS 1.1, so
>> it responds with the signalling bytes in its random value.
>
> That's not the way I read it. If a server is configured to use TLSv1.1
> then it's not a TLSv1.3 server and this text doesn't apply (regardless of
> whether the binary could do TLSv1.3 if it was configured differently).
>
> Matt
>

Agreed. If a TLS 1.2 (capable) server is negotiating TLS 1.1 with a TLS 1.2 client, then it can’t be considered a TLS 1.2 server, otherwise, it would negotiate TLS 1.2. It must be considered a TLS 1.1 server, since that is the maximum version it is configured to support.

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

>
>> The client is now
>> required to abort the handshake even though everything is running as it
>> should.
>>
>> Peter.
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
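
Added example, not part of the thread or of any TLS implementation: a Python model of the downgrade sentinel in ServerHello.random (RFC 8446 section 4.1.3), with the server's version taken as the maximum it is configured to support, which is the reading Matt and Todd give. All function and parameter names are assumptions made for illustration, and the all-zero entropy is a constructed sample.

```python
import os

# Protocol version codes as they appear on the wire.
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304

# Sentinels from RFC 8446 section 4.1.3: ASCII "DOWNGRD" plus 0x01 or 0x00.
DOWNGRADE_TO_12 = b"DOWNGRD\x01"
DOWNGRADE_TO_11_OR_BELOW = b"DOWNGRD\x00"


def server_random(server_max, negotiated, entropy=None):
    """Build the 32-byte ServerHello.random.

    server_max (hypothetical parameter) is the highest version the server is
    *configured* to offer, not what the binary could do if reconfigured.
    """
    rnd = bytearray(entropy if entropy is not None else os.urandom(32))
    if len(rnd) != 32:
        raise ValueError("Random must be 32 bytes")
    if server_max >= TLS13 and negotiated == TLS12:
        rnd[24:] = DOWNGRADE_TO_12
    elif server_max >= TLS12 and negotiated <= TLS11:
        # MUST for TLS 1.3 servers, SHOULD for TLS 1.2 servers.
        rnd[24:] = DOWNGRADE_TO_11_OR_BELOW
    return bytes(rnd)


def client_must_abort(client_max, negotiated, random):
    """True if the client has to abort with illegal_parameter."""
    tail = random[24:]
    if client_max >= TLS13 and negotiated <= TLS12:
        return tail in (DOWNGRADE_TO_12, DOWNGRADE_TO_11_OR_BELOW)
    if client_max == TLS12 and negotiated <= TLS11:
        # SHOULD-level check for TLS 1.2 clients.
        return tail == DOWNGRADE_TO_11_OR_BELOW
    return False


def handshake_aborts(server_max, client_max, negotiated):
    """Run both sides once with constructed all-zero entropy (repeatable)."""
    entropy = bytes(32)
    rnd = server_random(server_max, negotiated, entropy)
    return client_must_abort(client_max, negotiated, rnd)
```

`handshake_aborts(TLS11, TLS12, TLS11)` returns `False` because the server counts as a TLS 1.1 server; passing `TLS12` as `server_max` for the same negotiation returns `True`, which is the abort Peter describes.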