- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 31 Oct 2014 21:09:17 -0700
- To: Jason Greene <jason.greene@redhat.com>
- Cc: Brian Smith <brian@briansmith.org>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 31 October 2014 20:49, Jason Greene <jason.greene@redhat.com> wrote: > My point is that a legacy compatible client advertises cipher suites that aren’t compatible with H2 before H2 is selected. This is in contrast to a 1.3 client that would advertise 1.3 ciphers, and use SCSV fallback for pre 1.3 ciphers, which is a much more robust handshake, and leaves the TLS cipher selection where it belongs. That's not right. A 1.3 client will offer cipher suites that are only supported in 1.2 and earlier because a round-trip is a high price to pay for guessing wrong. What you suggest would basically prevent 1.3 from ever being deployed. The 1.3 handshake will be compatible with all 1.2 and earlier servers (assuming that they are not version or extension intolerant...i.e., not broken).
Received on Saturday, 1 November 2014 04:09:45 UTC