Re: [TLS] interop for TLS clients proposing TLSv1.1

Yoav Nir <ynir@checkpoint.com> Wed, 21 September 2011 21:44 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Date: Thu, 22 Sep 2011 00:47:14 +0300
Thread-Topic: [TLS] interop for TLS clients proposing TLSv1.1
Message-ID: <6FE09637-CE95-43E8-A3C0-9516E757DDBA@checkpoint.com>
References: <201109212048.p8LKmXnH014242@fs4113.wdf.sap.corp> <op.v16gryhlqrq7tp@acorna.oslo.osa>
In-Reply-To: <op.v16gryhlqrq7tp@acorna.oslo.osa>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] interop for TLS clients proposing TLSv1.1
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>

Hi Yngve

On Sep 22, 2011, at 12:32 AM, Yngve N. Pettersen (Developer Opera Software ASA) wrote:

> On Wed, 21 Sep 2011 22:48:33 +0200, Martin Rex <mrex@sap.com> wrote:
> 
>> Does anyone (SSL Labs, Opera, others) have any figures/stats about the
>> current "TLSv1.1 version (in)tolerance" for TLS servers on the public
>> internet?
> 
> This week's test of 609726 servers gave these numbers:
> 
>   * 1.145% of the probed servers were version intolerant for at least one  
> of the current TLS versions (1.0, 1.1, 1.2)
>   * 1.742% were extension intolerant for the same versions
>   * 1.136% belonged in both groups
> 
> This gives an estimated total of 1.751% that are either version and/or  
> extension intolerant for the currently defined TLS versions.
> 
> These numbers have been decreasing during the past year and a half, around  
> January 2011 it was 1.951% just for the version intolerant, 2.657% in May  
> 2010 (the extension numbers are not as detailed for those runs).
> 
> Most of the version intolerant are intolerant for TLS 1.1 and TLS 1.2, but  
> some are SSLv3 only servers that are also intolerant for TLS 1.0. There is  
> even a 0.007% share that support TLS 1.1 (quite a lot of which has "vpn"  
> as the hostname).

By "version intolerant" do you mean that you're sending a TLS 1.1 or 1.2 handshake message and the server rejects it?

If you send a TLS 1.0 handshake message, with the version field of the ClientHello showing 1.2, what portion of the servers would reject that (rather than just replying in TLS 1.0)?

Is that something you measure?  If the portion is very low, it could be feasible to implement a client without fallback behavior.


Yoav
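The probe Yoav asks about (a TLS 1.0 record carrying a ClientHello whose client_version says 1.2) and the "version intolerant" classification Yngve's survey uses can be made concrete. The following is an added example written for this archive page; it is not code from Opera's scanner or from either author. It builds a ClientHello with the record-layer version and the ClientHello.client_version set independently (wire format per RFC 5246), classifies a server's first reply (ServerHello, fatal alert, or silent close), and flags a server as version intolerant for an offered version when it rejects that hello but accepted a lower one, which is what a conforming server must not do (it should negotiate down instead). The two sets of server replies at the bottom are constructed by hand, not captured traffic, and the helper names are this example's own.

```python
"""Build TLS ClientHello probes and classify a server's first reply.
Added example for the thread above, not code from the original post.
Record layer: ContentType(1) ProtocolVersion(2) length(2); handshake
messages: HandshakeType(1) length(3) body (RFC 5246)."""
import os
import struct

# ProtocolVersion on the wire: SSL 3.0 = (3,0) ... TLS 1.2 = (3,3)
VERSIONS = {"SSLv3": (3, 0), "TLSv1.0": (3, 1), "TLSv1.1": (3, 2), "TLSv1.2": (3, 3)}
VERSION_NAMES = {v: k for k, v in VERSIONS.items()}
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
HS_CLIENT_HELLO, HS_SERVER_HELLO = 1, 2
ALERT_NAMES = {10: "unexpected_message", 40: "handshake_failure",
               50: "decode_error", 70: "protocol_version"}
# TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA
DEFAULT_SUITES = (0x002F, 0x0035, 0x000A)


def build_client_hello(record_version, hello_version, suites=DEFAULT_SUITES,
                       random=None, extensions=b""):
    """Return one ClientHello record. record_version and hello_version are
    (major, minor) tuples set independently, so a probe can send a TLS 1.0
    record whose ClientHello.client_version advertises TLS 1.2."""
    random = os.urandom(32) if random is None else random
    assert len(random) == 32
    body = bytes(hello_version) + random
    body += b"\x00"                                   # session_id: empty
    body += struct.pack("!H", 2 * len(suites))        # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # compression: null only
    if extensions:                                    # optional extensions block
        body += struct.pack("!H", len(extensions)) + extensions
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE]) + bytes(record_version) + struct.pack("!H", len(hs)) + hs


def parse_client_hello(record):
    """Decode the two version fields back out of a ClientHello record."""
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    assert ctype == CONTENT_HANDSHAKE
    hs = record[5:5 + length]
    assert hs[0] == HS_CLIENT_HELLO
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    return {"record_version": (major, minor), "client_version": (body[0], body[1]),
            "random": body[2:34]}


def classify_reply(data):
    """Classify the first record a server sends in answer to a probe:
    ('accepted', negotiated version), ('rejected', alert name),
    ('closed', None) for a silent drop, or ('unexpected', detail)."""
    if not data:
        return ("closed", None)
    if len(data) < 5:
        return ("unexpected", "truncated record")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if ctype == CONTENT_ALERT and len(payload) >= 2:
        return ("rejected", ALERT_NAMES.get(payload[1], "alert_%d" % payload[1]))
    if ctype == CONTENT_HANDSHAKE and len(payload) >= 6 and payload[0] == HS_SERVER_HELLO:
        server_version = (payload[4], payload[5])    # ServerHello.server_version
        return ("accepted", VERSION_NAMES.get(server_version, "unknown_%d.%d" % server_version))
    return ("unexpected", "content type %d" % ctype)


def version_intolerant(results):
    """results maps an offered version name to classify_reply() output for one
    server. A version is reported as intolerant when the server accepted some
    lower offered version but did not answer this one with a ServerHello:
    a conforming server negotiates down rather than rejecting."""
    highest_accepted, intolerant = None, []
    for name in ("SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"):
        if name not in results:
            continue
        if results[name][0] == "accepted":
            highest_accepted = name
        elif highest_accepted is not None:
            intolerant.append(name)
    return intolerant


# Constructed sample replies (hypothetical servers, not captured traffic).
def _server_hello(version, suite=0x002F):
    body = bytes(version) + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs


def _alert(description, version=(3, 1)):
    return bytes([CONTENT_ALERT]) + bytes(version) + b"\x00\x02" + bytes([2, description])


TOLERANT_SERVER = {"TLSv1.0": _server_hello((3, 1)),   # TLS 1.0 only, but
                   "TLSv1.1": _server_hello((3, 1)),   # negotiates down
                   "TLSv1.2": _server_hello((3, 1))}
INTOLERANT_SERVER = {"TLSv1.0": _server_hello((3, 1)),
                     "TLSv1.1": _alert(70),            # fatal protocol_version
                     "TLSv1.2": b""}                   # dropped the connection


def survey(replies):
    """Run the intolerance check over one server's constructed replies."""
    return version_intolerant({n: classify_reply(r) for n, r in replies.items()})


if __name__ == "__main__":
    probe = build_client_hello(VERSIONS["TLSv1.0"], VERSIONS["TLSv1.2"])
    print(parse_client_hello(probe))
    print("tolerant:", survey(TOLERANT_SERVER), "intolerant:", survey(INTOLERANT_SERVER))
```

Against a live host the record from build_client_hello would be written to a TCP socket with a timeout, and a timeout or reset would be fed to classify_reply as an empty reply. Note that the classification deliberately treats a negotiated-down ServerHello as "accepted": that is the behaviour Yoav hopes is common enough to drop fallback, and it is only the rejected and closed cases, after a lower version succeeded, that count toward Yngve's intolerance figures.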