- From: Jason Greene <jason.greene@redhat.com>
- Date: Fri, 10 Oct 2014 21:59:52 -0500
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Greg Wilkins <gregw@intalio.com>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, HTTP Working Group <ietf-http-wg@w3.org>
On Oct 10, 2014, at 4:47 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > > On Fri, Oct 10, 2014 at 2:38 PM, Greg Wilkins <gregw@intalio.com> wrote: > Offering unacceptable pairings and hoping the server will never see those as acceptable is fragile. > > This ship has already sailed: > TLS clients regularly offer TLS 1.2 with AEAD cipher suites but will accept > TLS 1.1. However, the AEAD cipher suites are forbidden with TLS 1.1. Right but in that case the real need to downgrade is made clear by the TLS version differential. It also sounds like there will be a downgrade SCSV that is widely accepted. In the case of INADEQUATE_SECURITY, the peer doen't really know what action to take other than to give up on H2 and use H1. -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
Received on Saturday, 11 October 2014 03:00:40 UTC