Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On Wed, Sep 24, 2014 at 1:43 AM, Roland Zink <> wrote:

> On 24.09.2014 09:02, Eric Rescorla wrote:
>> I'm sorry, I'm not following this point.
>> Say that someone invents some new cipher suite, X. It's either
>> acceptable for h2 or it's not [0]. The client then behaves as follows:
>> - If it is acceptable for h2, the client offers it, since everything is
>>   fine.
>> - If it's not acceptable for h2, the client offers it, secure in the
>>   knowledge that a conformant server will (per 9.2.2) not negotiate
>>   it for h2.
>> As far as I can tell, either of these is fine. Do you disagree?
>>  When h2 is upgraded to allow X (per 9.2.2X) then an old client offering
> X only for some other protocol will not work with a new h2 server as it
> will reject based on 9.2.2.

Wait, how does this happen? When we introduce X we label it as acceptable
for h2. Old clients won't offer X because they won't have it and when they
do have it they should know it's acceptable for h2.


Received on Wednesday, 24 September 2014 08:55:21 UTC