Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Dave Garrett <davemgarrett@gmail.com> Sat, 27 December 2014 22:39 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 27 Dec 2014 17:39:24 -0500
References: <201412221945.35644.davemgarrett@gmail.com> <F07340BA-F182-470C-AF90-C85A973075B9@gmail.com> <549F2D90.5030305@hauke-m.de>
In-Reply-To: <549F2D90.5030305@hauke-m.de>
Message-Id: <201412271739.24476.davemgarrett@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ltL8qJhqaJCShjjugwpmLcwEYCk
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

On Saturday, December 27, 2014 05:07:12 pm Hauke Mehrtens wrote:
> On 12/24/2014 07:40 AM, Yoav Nir wrote:
> > It’s fine for us to break compatibility with these clients, but let’s not
> > pretend it’s some ancient technology that doesn’t exist in the market
> > anymore.
> 
> In addition, the Oracle Java Runtime Environment in Version 6 uses an SSL
> v2 compatible ClientHello in the default settings. It supports SSL v3
> and TLS 1.0. In Java JRE 7 an SSLv3 ClientHello is used by default.
> 
> I think a TLS 1.3 client must not send an SSLv2 ClientHello, but a server
> should understand it.

The newest version of TLS should not have to be written to accommodate an
8-year-old EOL Java version's default settings.


Dave
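As an added illustration (not code from this thread or from any TLS implementation it discusses): a Python check for the server side of the question above, telling the SSLv2-compatible ClientHello of RFC 5246 appendix E.2 apart from a record-layer ClientHello on the first bytes received, so a server that drops SSL 2 compatibility can log or reject the obsolete framing instead of misparsing it. Both sample hellos are constructed; the cipher numbers are the standard suite values and the 32-byte random and challenge fields are filler.

```python
import struct

# Constructed sample: SSLv2-compatible ClientHello (RFC 5246 appendix E.2)
# offering TLS 1.0, one SSLv2-only cipher spec and two TLS suites.
V2_HELLO = bytes.fromhex(
    "8032"      # high bit set; 0x32 = 50 bytes follow the 2-byte header
    "01"        # msg_type CLIENT-HELLO
    "0301"      # highest version offered: TLS 1.0
    "0009"      # cipher_spec_length: three 3-byte specs
    "0000"      # session_id_length
    "0020"      # challenge_length
    "010080"    # SSL_CK_RC4_128_WITH_MD5: SSLv2-only
    "000004"    # {0x00, 0x00, 0x04}: TLS_RSA_WITH_RC4_128_MD5
    "00002f"    # {0x00, 0x00, 0x2f}: TLS_RSA_WITH_AES_128_CBC_SHA
) + b"\x11" * 32  # challenge (constructed filler)

# Constructed sample: a TLS 1.2 record-layer ClientHello offering one suite.
TLS_HELLO = (bytes.fromhex("160301002d" "01000029" "0303") + b"\x22" * 32
             + bytes.fromhex("00" "0002002f" "0100"))

def classify_client_hello(data: bytes) -> dict:
    """Tell SSLv2-compatible framing from a TLS record on the first bytes."""
    unknown = {"kind": "unknown"}
    if len(data) >= 11 and data[0] & 0x80:
        # SSLv2 framing: a 15-bit length that excludes the 2-byte header.
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        if msg_len != len(data) - 2 or data[2] != 0x01:
            return unknown
        major, minor, cs_len, sid_len, ch_len = struct.unpack_from(">BBHHH", data, 3)
        if cs_len % 3 or 9 + cs_len + sid_len + ch_len != msg_len:
            return unknown
        specs = [data[i:i + 3] for i in range(11, 11 + cs_len, 3)]
        # Only {0x00, hi, lo} names a TLS suite; anything else is SSLv2-only.
        return {"kind": "sslv2-compatible", "version": (major, minor),
                "cipher_suites": [(s[1] << 8) | s[2] for s in specs if s[0] == 0],
                "sslv2_only_specs": sum(1 for s in specs if s[0] != 0)}
    if len(data) >= 47 and data[0] == 0x16 and data[1] == 0x03:
        # TLS record header (5 bytes), then a 4-byte handshake header.
        rec_len = struct.unpack_from(">H", data, 3)[0]
        hs_len = int.from_bytes(data[6:9], "big")
        pos = 44 + data[43]                 # past version, random, session_id
        cs_len = int.from_bytes(data[pos:pos + 2], "big")
        if (rec_len != len(data) - 5 or data[5] != 0x01 or hs_len != rec_len - 4
                or cs_len % 2 or pos + 2 + cs_len > len(data)):
            return unknown
        return {"kind": "tls-record", "version": (data[9], data[10]),
                "cipher_suites": [(data[i] << 8) | data[i + 1]
                                  for i in range(pos + 2, pos + 2 + cs_len, 2)]}
    return unknown
```

A server front end can run this on the first bytes of a connection and count or reject the "sslv2-compatible" kind, which is how the JRE 6 default traffic mentioned above would show up.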