On 8/1/2014 12:53 PM, Wang Weijun wrote:
>
> On Jul 31, 2014, at 10:15, Xuelei Fan <[email protected]> wrote:
>
>>> The server side now only enables TLS_RSA_WITH_AES_128_CBC_SHA256. If other
>>> protocols are enabled,
>
> Oh, typo. I meant to ask: "If other cipher suites are enabled, what will be
> the difference?"
>
If the enabled cipher suites are supported by other protocols, other
protocols would be enabled accordingly (for example, if enabled
TLS_RSA_WITH_AES_128_CBC_SHA, TLS v1.0 and TLS v1.1 would also be
available), and SSLv2Hello are also enabled as the need to accept SSL v2
ClientHello message.
Thanks,
Xuelei
> --Max
>
>>> what will be the difference? You mean TLS 1.0 and 1.1 has built-in support
>>> for SSLv2Hello but TLS 1.2 does not?
>>>
>> Protocols other then TLS v1.2 and SSLv2Hello would be filtered out,
>> i.e., cannot be negotiated as there is no suitable cipher suite for
>> those protocols ("TLS_RSA_WITH_AES_128_CBC_SHA256" only applies to TLS 1.2).
>
