Sorry, I should have quoted it. It's https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#section-4.1.3-11 in the editor's copy:
[RFC8996<https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#RFC8996>] and Appendix E.5<https://tlswg.org/tls13-spec/draft-ietf-tls-rfc8446bis.html#backward-compatibility-security> forbid the negotiation of TLS versions below 1.2. However, server implementations which do not follow that guidance MUST set the last 8 bytes of their ServerHello.random value to the bytes: 44 4F 57 4E 47 52 44 00 Appendix E.5 states that versions below 1.2 "MUST NOT be negotiated for any reason," yet this text then has a MUST-level requirement applying exclusively to server implementations which ignore the MUST NOT. ________________________________ From: Eric Rescorla <e...@rtfm.com> Sent: Friday, May 30, 2025 10:54 AM To: Mike Bishop <mbis...@evequefou.be> Cc: The IESG <i...@ietf.org>; draft-ietf-tls-rfc8446...@ietf.org <draft-ietf-tls-rfc8446...@ietf.org>; tls-cha...@ietf.org <tls-cha...@ietf.org>; tls@ietf.org <tls@ietf.org>; s...@sn3rd.com <s...@sn3rd.com> Subject: Re: Mike Bishop's No Objection on draft-ietf-tls-rfc8446bis-12: (with COMMENT) Thank you for comments. I have made a PR to address most of these comments: https://github.com/tlswg/tls13-spec/pull/1385 I am a bit unsure about one comment. Can you point to the offending text for the comment below: The language around the SCSV for pre-1.2 values feels odd. You MUST NOT negotiate older versions, but if you do anyway, you MUST do it this way? I would shift this to a description of how clients and servers were required to behave prior to this revision of 1.3 at most.
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
