Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Yoav Nir <> Thu, 21 May 2015 17:47 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8C89A1A0199 for <>; Thu, 21 May 2015 10:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0JhPNvqDonkX for <>; Thu, 21 May 2015 10:47:35 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 101131A0194 for <>; Thu, 21 May 2015 10:47:35 -0700 (PDT)
Received: by wivz2 with SMTP id z2so2386457wiv.0 for <>; Thu, 21 May 2015 10:47:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EybbphnqA09pUGM0fzgsqUWNeYaFSrHcOgAjqKpr+9M=; b=XBAWqoDizJMoyWOhaMjNAFPnF9/gw7fbQrhnHXBTaleIoFGb7Lv3mhW6jOAgEse0+M skXzqereGqo6e9n71h3gbzWIgoWSXeT9m9uGHwtI2kukfu2Y6wgkL1vPnB51jUIc3GJS YF6/K+snaWm+PgfokdnJwDCQe/QdwEyyqYGNAgsXRHFVLqHkm+m+IfXyXxIVuFwy32v2 rjTXOvPgIUQao+9uuMIDcexAvgMOx879rp3nGJondhFOg1Dzud3+ph/QfADw4X/owZFI g+uuTa14+IA/v+54+5afWSzWitNHPb8MrrUJbxI7XNxQtKrMh+GgHfFJWfI1Yr6tVBpw jYig==
X-Received: by with SMTP id u3mr8587419wiw.30.1432230453801; Thu, 21 May 2015 10:47:33 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id um5sm33162857wjc.1.2015. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 21 May 2015 10:47:32 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Thu, 21 May 2015 20:47:30 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Dave Garrett <>
X-Mailer: Apple Mail (2.2098)
Archived-At: <>
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 May 2015 17:47:36 -0000

> On May 21, 2015, at 7:10 PM, Dave Garrett <> wrote:
> I was going to hold off on suggesting this due to other topics dominating the list, but we might be in a kill-the-old-junk mood due to the latest old-junk vulnerability, so...
> Old versions of TLS need to be phased out at some point (even the one we're designing now), however the current modus operandi is generally to wait until a catastrophic breakage forces everyone into a panic disable. I'd like to at least try to do better prior to the next time. I'd like to propose giving servers & clients different expectations as a transitional measure:
> 1) No general change to current TLS other than pointing to the UTA BCP from time to time.
> 2) For TLS 1.3, add a blurb to the effect of:
> "Server TLS implementations supporting TLS 1.3 or later MUST NOT negotiate TLS 1.0 or TLS 1.1 for any reason.

Is this needed for interoperability, or is this just a good idea that you want to slap a MUST on?

It’s the latter. It belongs in a BCP, not in the protocol document, and that is where it already is. It’s not the IETF’s job to make deployment decisions like that.