> I am trying to figure out if every implementation compliant with
RFC8446 is also necessarily interoperable with an RFC5246 peer, or if this
is just a likely common, but still completely optional implementation
choice.
It is possible to have a single stack that implements TLS.[123]. OpenSSL,
among many others does this. Some have implemented ONLY TLS 1.3; that code
tends to be cleaner (in a nerd esthetic sense) than code that implements
multiple protocols. Some servers even "hand off" pre-1.3 protocols to separate
implementations (libraries); FB and Amazon used to do that.
The wire protocol for TLS 1.3 uses some deliberately-reserved extension fields
so that a server which doesn't do 1.3 can fail cleanly, and a server that DOES
will work. And also the other way, a 1.3 client can work fine with both a 1.3
server and a 1.[12] server.
It's easy to rationale 1.3-only for clients. It is harder to rationalize
1.3-only for servers if you are intending those servers to be generally
accessible on the public Internet.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
