On Mon, Oct 31, 2016 at 09:30:10PM +0200, Ilari Liusvaara wrote:
> On Mon, Oct 31, 2016 at 07:11:10PM +0000, David Benjamin wrote:
> > 
> > We could say the versions extension only applies to 1.2 and up. I.e. don't
> > bother advertising 1.1 and 1.0 as a client and servers ignore 1.1 and 1.0
> > when they see them in the version list. That keeps the protocol deployable
> > on the Internet as it exists, avoids having to evaluate two versioning
> > schemes (if you see the extension, you don't bother reading legacy_version
> > at all), while avoiding the weird behavior where, given this ClientHello:
> > 
> >    legacy_version: TLS 1.2
> >    supported_versions: {TLS 1.1}
> > 
> > TLS 1.3 says to negotiate TLS 1.1 and TLS 1.2 says to negotiate TLS 1.2.
> 
> Yeah, I don't think it ever makes sense to stick TLS 1.0 or 1.1 into
> supported_versions. There are good reasons to stick TLS 1.2 there tho.

Can you give some more details about those good reasons?


Kurt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
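Editor's note: the following is an added example, not code from any participant in the thread or from any TLS implementation. It models the three server-side selection rules discussed above (the TLS 1.2 legacy_version rule, the draft TLS 1.3 supported_versions rule, and David Benjamin's proposal to ignore 1.0/1.1 entries in the list) and runs them on the exact ClientHello quoted in the message. It also encodes and decodes the supported_versions extension body in its ClientHello form (one-byte length, two-byte versions, as later fixed in RFC 8446). Assumptions: the server's version set, the function names, and the choice that an emptied list under the proposal fails the handshake (returns None) rather than falling back to legacy_version are the editor's, not the thread's.

```python
import struct

# TLS wire versions (ProtocolVersion)
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3"}

# Assumed server configuration: supports everything from 1.0 to 1.3.
SERVER_VERSIONS = {TLS10, TLS11, TLS12, TLS13}


def negotiate_tls12_style(legacy_version, server_versions=SERVER_VERSIONS):
    """RFC 5246 rule: client_version (legacy_version) is the client's highest
    version; the server picks the highest version it supports that is <= it."""
    candidates = [v for v in server_versions if v <= legacy_version]
    return max(candidates) if candidates else None


def negotiate_tls13_style(legacy_version, supported_versions,
                          server_versions=SERVER_VERSIONS):
    """Draft TLS 1.3 rule as described in the thread: if supported_versions is
    present, choose only from that list and ignore legacy_version entirely;
    without the extension, fall back to the TLS 1.2 rule."""
    if supported_versions is None:
        return negotiate_tls12_style(legacy_version, server_versions)
    candidates = [v for v in supported_versions if v in server_versions]
    return max(candidates) if candidates else None


def negotiate_with_proposal(legacy_version, supported_versions,
                            server_versions=SERVER_VERSIONS):
    """David Benjamin's proposal: the extension only applies to 1.2 and up, so
    the server drops 1.0/1.1 entries before choosing and still does not read
    legacy_version. Assumption (editor's): a list with nothing left in it fails
    the handshake (None, i.e. a protocol_version alert) rather than falling back."""
    if supported_versions is None:
        return negotiate_tls12_style(legacy_version, server_versions)
    filtered = [v for v in supported_versions if v >= TLS12]
    candidates = [v for v in filtered if v in server_versions]
    return max(candidates) if candidates else None


def encode_supported_versions(versions):
    """ClientHello supported_versions extension_data: uint8 length prefix
    followed by 2-byte ProtocolVersion values."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    if not 2 <= len(body) <= 254:
        raise ValueError("versions<2..254> length out of range")
    return struct.pack("!B", len(body)) + body


def decode_supported_versions(data):
    """Inverse of encode_supported_versions with strict length checks, so a
    truncated or odd-length list is rejected instead of silently misparsed."""
    if len(data) < 1:
        raise ValueError("missing length byte")
    n = data[0]
    if n < 2 or n % 2 or len(data) != 1 + n:
        raise ValueError("malformed supported_versions body")
    return [struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]


def compare_rules(legacy_version, supported_versions):
    """Run all three rules on one ClientHello and report what each negotiates."""
    return {
        "tls12_rule": negotiate_tls12_style(legacy_version),
        "tls13_rule": negotiate_tls13_style(legacy_version, supported_versions),
        "proposal": negotiate_with_proposal(legacy_version, supported_versions),
    }


if __name__ == "__main__":
    # The ClientHello quoted in the thread (constructed from the message text):
    #   legacy_version: TLS 1.2
    #   supported_versions: {TLS 1.1}
    ext = encode_supported_versions([TLS11])
    hello_versions = decode_supported_versions(ext)
    for rule, v in compare_rules(TLS12, hello_versions).items():
        print(f"{rule:11s} -> {NAMES.get(v, 'handshake failure')}")
```

Running it shows the divergence the message points at: the TLS 1.2 rule yields TLS 1.2, the draft TLS 1.3 rule yields TLS 1.1, and under the proposal the only listed version is discarded so nothing is negotiable. Putting TLS 1.2 in the list, by contrast, produces TLS 1.2 under both the draft rule and the proposal.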
