On 21.09.2011 20:37, Alexander Holler wrote:
> Hello,
>

Hi,

first a disclaimer: I'm bound to be wrong about this. It is however correct to the best of my knowledge.

> reading some news items about possible problems with TLS 1.0 (that
> BEAST), is there someone out here who has tested or knows something
> about interoperability of TLS 1.0 with TLS 1.1 or TLS 1.2, especially in
> regard to XMPP?
>

Personally, while I assume there is a real practical exploit, I would not get too much into this before BEAST has been presented. It has been said that the same exploit could be applied to IM; however, some of the statements made about how BEAST allegedly works make that sound strange to me. We'll see.

As far as interoperability is concerned, I don't think XMPP plays any role in this. Except for starttls, which is TLS version independent, that is strictly a different layer.

Also, it's new to me that TLS 1.0 would have to interoperate with TLSv1.1 or TLSv1.2. TLS client and server negotiate a TLS version using the (Client/Server)Hello messages.

> I'm asking especially because I've read something about possible
> interoperability problems when using 1.1 or 1.2. I don't know if those
> problems only happen with some cruel implementations or whatever and up to
> now I haven't tested it myself.
>

This should only happen with a buggy TLS implementation. A recent GnuTLS (supporting TLSv1.1) does connect to a server using a TLSv1.0-only OpenSSL just fine in my experience.

> Because openssl offers the newer versions only since 1.0 or such, I
> never spent any thought on that and before I'm diving myself into that
> topic I thought I might try to ask here before. ;)
>

AFAIK it is in no released version of OpenSSL at all yet. Apparently it will be available in version 1.0.1.

Regards,
Florian Zeitz
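
The version negotiation via the Hello messages mentioned in the reply above, as an added example that is not part of the original e-mail: a constructed ClientHello is parsed and a conforming server's version choice is compared with a hypothetical "version intolerant" server, the kind of buggy implementation that causes the interoperability failures asked about. All function names and the sample record are assumptions made for illustration.

```python
import struct

# TLS protocol versions as (major, minor) pairs, as they appear on the wire.
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)

def build_client_hello(max_version):
    """Constructed minimal ClientHello record (one cipher suite, no extensions)."""
    body = bytes(max_version)                   # client_version: highest version offered
    body += bytes(32)                           # random (zeroed, constructed sample)
    body += b"\x00"                             # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"  # TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                         # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # This sample uses 3.1 in the record layer header.
    return b"\x16" + bytes(TLS10) + struct.pack("!H", len(handshake)) + handshake

def parse_client_version(record):
    """Return client_version from a ClientHello record after checking the framing."""
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    if rec_len != len(record) - 5:
        raise ValueError("record length mismatch")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    return (record[9], record[10])

def negotiate(record, server_versions):
    """Conforming server: highest supported version not above client_version."""
    offered = parse_client_version(record)
    usable = [v for v in server_versions if v <= offered]
    if not usable:
        raise ValueError("protocol_version alert: no common version")
    return max(usable)

def negotiate_intolerant(record, server_versions):
    """Hypothetical buggy server: rejects any client_version it does not know."""
    offered = parse_client_version(record)
    if offered not in server_versions:
        raise ValueError("handshake failure: unknown client_version")
    return offered
```
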
