Re: [TLS] TLSrenego - possibilities, suggestion for SSLv3

[Bodo Moeller <bmoeller@acm.org>]

On Nov 15, 2009, at 10:23 AM, Bodo Moeller wrote:
> On Nov 11, 2009, at 9:12 PM, Martin Rex wrote:
>> Marsh Ray wrote:

>>>
>>> SSL 3.0 doesn't seem to allow extensions on Server and Client Hello
>>> messages.
>>
>> That is wrong.  The SSLv3 spec has the exact same provisions for
>> TLS extensions as the TLSv1.0 and TLSv1.1 specs.
>>
>> TLS extensions became a standard part of the protocol in TLSv1.2  
>> only.
>>
>> Compare the specs and you will see.
>
> Can you be more specific?
>
> The "Client hello" section in RFC2246 (i.e., for TLS 1.0) includes a  
> "Forward compatibility note": "In the interests of forward  
> compatibility, it is permitted for a client hello message to include  
> extra data after the compression methods."  This is the provision  
> that allows clients to try using extensions without having to know  
> whether a specific server has extension support.
>
> I can't spot something like that in draft-freier-ssl- 
> version3-01.txt.  What wording in what specification are you  
> referring to?

Oh, never mind, I've seen some pointers in Marsh's follow-up message  
(under a different "Subject" header) -- the forward compatibility note  
was added after that -01 draft.

Curiously, tools.ietf.org doesn't know of draft-freier-ssl- 
version3-02.txt, but has draft-ietf-tls-ssl-version3-00.txt from the  
same date (November 18, 1996).  (For reference, draft-freier-ssl- 
version3-01.txt is from March 1996; draft-freier-ssl-version3-00.txt  
is from December 1995.)

Bodo