----- Original Message ----- 

> From: "David Benjamin" <[email protected]>
> To: "Brian Smith" <[email protected]>, "Hubert Kario" <[email protected]>
> Cc: "<[email protected]>" <[email protected]>
> Sent: Saturday, July 23, 2016 8:03:41 AM
> Subject: Re: [TLS] Thoughts on Version Intolerance

> On Sat, Jul 23, 2016 at 3:37 AM Brian Smith < [email protected] > wrote:

> > Hubert Kario < [email protected] > wrote:
> 
> > > I'm quite sure that if I were sending a huge extension or many big
> > > extensions, the percentage of servers that are incompatible to them would
> > > be similar, if not worse. A relatively small 3KiB client hello already
> > > causes issues and this is not exactly something impossible to achieve with
> > > just TLSv1.2 and session tickets.
> 

> (Note that one must complete the handshake to get a full picture. Sending the
> ClientHello isn't enough. Full analysis pending, but sending a 1.2
> ServerHello and failing around the Finished message seems to happen often
> enough.)

Technically, it's a regular bug, not intolerance.

Intolerance is when we can't get a Server Hello message.

On the other hand, we have servers like clkmon.com, which seem to choke on measly
1356-byte-long Client Hello messages...
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: [email protected]
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
