On Tue, 16 Nov 2021 08:36:31 -0700 Peter Saint-Andre <stpe...@mozilla.com> wrote:
> By our reading, it doesn't make any difference to a TLS 1.2
> implementation whether it sends or receives the "supported_versions"
> extension. Corrections welcome, of course! If this is the case, we'd
> prefer not to recommend that TLS 1.2 implementations specifically add
> support for this extension, since upgrading to TLS 1.3 is best anyway.

I have a question about this question: I think it's generally agreed
that TLS 1.3 provides much better security than TLS 1.2 (that was
ultimately why it's been created).

Why would you even write a recommendation for what people should do
with TLS 1.2-only implementations? (I understand this is merely
relevant for implementations not supporting TLS 1.3 at all.)

Shouldn't the recommendation be: "Don't. Please support TLS 1.3."?

--
Hanno Böck
https://hboeck.de/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls