Re: [TLS] Renego Indication RI patch interaction with TLS major version interop

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Wed, 16 June 2010 06:08 UTC

On Wed, 16 Jun 2010 02:07:25 +0200, Michael D'Errico <mike-list@pobox.com>  
wrote:

> Yngve N. Pettersen (Developer Opera Software ASA) wrote:
>>  - 43 of 383531 servers mirror the client hello version back to the  
>> client
>
> Yngve,
>
> Can you please explain what you mean by a server mirroring the client
> hello version back to the client?  That sounds like the correct thing
> to do, unless they don't actually support that version.

What I mean by "mirroring" is that the server will respond with TLS 1.2
(3.3) if the client sends it, even if the server only supports SSL v3 or
TLS 1.0, eventually causing a handshake failure. Similarly the server will
respond with 3.4 or 4.1 if the client sends those.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
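
The mirroring behaviour described in the message above can be checked from the ServerHello alone when the client offers a version that no specification defines. The following is an added example, not part of the original message or of any tool used for the survey; the function names and the sample records are constructed for illustration.

```python
import struct

# Protocol versions that were defined when the post was written
# (SSL 3.0, TLS 1.0, 1.1, 1.2); 3.4 and 4.1 are the undefined probe values.
DEFINED = {(3, 0), (3, 1), (3, 2), (3, 3)}

def server_hello_version(record):
    """Return ServerHello.server_version from a single TLS handshake record."""
    if len(record) < 11:
        raise ValueError("too short to hold a ServerHello version")
    ctype, rec_len = struct.unpack("!BxxH", record[:5])
    if ctype != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    if rec_len != len(record) - 5:
        raise ValueError("record length field does not match payload")
    # Bytes 6-8 hold the 24-bit handshake length; the version follows.
    return record[9], record[10]

def classify(probes):
    """probes: iterable of (offered_version, server_record) pairs."""
    verdict = "negotiates"
    for offered, record in probes:
        chosen = server_hello_version(record)
        if chosen > offered:
            return "invalid"      # server picked more than the client offered
        if chosen == offered and offered not in DEFINED:
            verdict = "mirrors"   # echoed a version no specification defines
    return verdict

def sample_server_hello(version):
    """Constructed ServerHello record with zeroed random and no session id."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

OFFERS = [(3, 3), (3, 4), (4, 1)]
# Constructed server behaviours: one echoes every offer, one caps at TLS 1.0.
MIRRORING = [(v, sample_server_hello(v)) for v in OFFERS]
TLS10_ONLY = [(v, sample_server_hello((3, 1))) for v in OFFERS]

if __name__ == "__main__":
    print(classify(MIRRORING), classify(TLS10_ONLY))
```

An echo of 3.3 is deliberately not counted as mirroring, because a server that really supports TLS 1.2 returns the same value; only the later handshake failure distinguishes the two.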