[TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Dave Garrett <davemgarrett@gmail.com> Tue, 23 December 2014 00:45 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 497571A894C for <tls@ietfa.amsl.com>; Mon, 22 Dec 2014 16:45:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gEDjvEuRupOX for <tls@ietfa.amsl.com>; Mon, 22 Dec 2014 16:45:38 -0800 (PST)
Received: from mail-qc0-x232.google.com (mail-qc0-x232.google.com [IPv6:2607:f8b0:400d:c01::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7352F1A8934 for <tls@ietf.org>; Mon, 22 Dec 2014 16:45:38 -0800 (PST)
Received: by mail-qc0-f178.google.com with SMTP id b13so4545635qcw.37 for <tls@ietf.org>; Mon, 22 Dec 2014 16:45:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:mime-version:content-type :content-transfer-encoding:message-id; bh=97hdhfIeROBjGH1rzg+GMWUzem+q5jb1eqMPdBHmL4Y=; b=An76x52XAJr8kqxhKrdkz8mIi5bNHqTyPiGkbvOoSjRZ+en20bIiwhx7FxlWmS0S6X GdNtZXDl3STuISfKnFYwSjtvma+hP/yAl4740ZqmJHfChEDg4CAbHFL5M29VFeKH0KjM 44GBwWwTdpVbBlZMLEGIyRzAE2i5wBlViIgviL4DaTzE1r8eFUDLezo7SijIGBo3FS/A YR3vrD+OEuYqvctfpnhVNB76MXnI5TfTv38rdIiH6LcFilKg8gau4KavdKw/eYtUsjeu OM8G9+VrFV7tLaWdWb/7Qow6T8s9XZUlS0Rns7wPlS6UO6dki4+54JzNSk22QLgQxLEZ fECw==
X-Received: by with SMTP id q7mr41415467qaj.6.1419295537735; Mon, 22 Dec 2014 16:45:37 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-78-212-218.phlapa.fios.verizon.net. []) by mx.google.com with ESMTPSA id p49sm17666440qgp.30.2014. for <tls@ietf.org> (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 22 Dec 2014 16:45:37 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Date: Mon, 22 Dec 2014 19:45:35 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-66-generic-pae; KDE/4.4.5; i686; ; )
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201412221945.35644.davemgarrett@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6hSL81h-8f9CZrGCDRin0s7eblk
X-Mailman-Approved-At: Tue, 23 Dec 2014 13:36:10 -0800
Subject: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2014 00:45:40 -0000

I've submitted a straightforward PR to remove the SSL 2 backwards compatibility 
section from the current TLS 1.3 draft:


SSL 2.0 backwards compatibility was previously deprecated in TLS 1.2 (2008) and 
was warned to be "phased out with all due haste". RFC 6176 (2011) prohibits it 
entirely. It's a section of obsolete complexity still in the draft.

The PR replaces the section with a simple "MUST NOT" send or accept for TLS 1.3 

Eric Rescorla requested I post this to the list, though I would hope that at 
this point this would be a noncontroversial edit. The only functional difference 
between this language and RFC 6176 is that servers were still permitted to 
accept version 2 CLIENT-HELLO messages, though not actually negotiate the 


There's no reason to maintain any backwards support here just for Internet 
Explorer 2.0 on Windows 3.1.