Re: [TLS] Questions about TLS Server Name Indication extension

<Pasi.Eronen@nokia.com> Fri, 06 November 2009 09:40 UTC

Return-Path: <Pasi.Eronen@nokia.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F8CE28C18B for <tls@core3.amsl.com>; Fri, 6 Nov 2009 01:40:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.565
X-Spam-Level:
X-Spam-Status: No, score=-6.565 tagged_above=-999 required=5 tests=[AWL=0.034, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wcXDOjqrREGf for <tls@core3.amsl.com>; Fri, 6 Nov 2009 01:40:02 -0800 (PST)
Received: from mgw-mx09.nokia.com (smtp.nokia.com [192.100.105.134]) by core3.amsl.com (Postfix) with ESMTP id 7B11828C18A for <tls@ietf.org>; Fri, 6 Nov 2009 01:40:02 -0800 (PST)
Received: from vaebh105.NOE.Nokia.com (vaebh105.europe.nokia.com [10.160.244.31]) by mgw-mx09.nokia.com (Switch-3.3.3/Switch-3.3.3) with ESMTP id nA69dtw8017264; Fri, 6 Nov 2009 03:40:24 -0600
Received: from vaebh104.NOE.Nokia.com ([10.160.244.30]) by vaebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Nov 2009 11:40:23 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.8]) by vaebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Nov 2009 11:40:17 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-04.mgdnok.nokia.com ([65.54.30.8]) with mapi; Fri, 6 Nov 2009 10:40:18 +0100
From: Pasi.Eronen@nokia.com
To: mike-list@pobox.com, tls@ietf.org
Date: Fri, 06 Nov 2009 10:40:17 +0100
Thread-Topic: [TLS] Questions about TLS Server Name Indication extension
Thread-Index: AcpZz3t23ziuj5D6QbaRdcjzgpkrWgET1NqA
Message-ID: <808FD6E27AD4884E94820BC333B2DB774E7F81BDAE@NOK-EUMSG-01.mgdnok.nokia.com>
References: <200910292246.n9TMk6sZ014367@fs4113.wdf.sap.corp> <4AEB9D27.5090203@pobox.com>
In-Reply-To: <4AEB9D27.5090203@pobox.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 06 Nov 2009 09:40:17.0947 (UTC) FILETIME=[266916B0:01CA5EC5]
X-Nokia-AV: Clean
Subject: Re: [TLS] Questions about TLS Server Name Indication extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 09:40:03 -0000

Michael D'Errico wrote:

> But that brings up a subtle point.  What if the client originally
> connected offering a higher version than I support?  When it tries
> to resume a session, should it use the version it originally sent
> in the ClientHello, or the lower version that was negotiated?
> 
> I would think that the client should be allowed to specify the same
> version number it originally connected with.
> 
> I searched through RFC 5246 but could not find a discussion of this.
> Did I miss it?  What do others think should happen?

RFC 5246 does say:

   Whenever a client already knows the highest protocol version known to
   a server (for example, when resuming a session), it SHOULD initiate
   the connection in that native protocol.

"SHOULD" seems to allow both cases (and since the server might fall
back to full handshake, perhaps it would be better to send the
highest version supported by the client...).

Best regards,
Pasi
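
The trade-off raised in the reply (offer the version learned from the server on the previous connection, or always the client's own highest version) can be made concrete with a small model of both sides' version selection across a resumed session. This is an added example, not code from the message, the list or RFC 5246; the `Client`/`Server` classes, the session cache and the rule that a server only resumes a session that was cached under the version it would otherwise negotiate are assumptions of the model, and the two scenarios (server unchanged with its cache intact; server upgraded with its cache flushed) are constructed here.

```python
"""Model of TLS version negotiation when a client resumes a session.

Added illustration only; not code from the message or from RFC 5246.
Versions are (major, minor) tuples as on the wire: (3,1) = TLS 1.0,
(3,2) = TLS 1.1, (3,3) = TLS 1.2.

Assumption of this model (a common implementation policy, not text on the
page): the server resumes a cached session only if the session was
established under the version it would negotiate for this ClientHello;
otherwise it falls back to a full handshake at the negotiated version.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Version = Tuple[int, int]
TLS10: Version = (3, 1)
TLS11: Version = (3, 2)
TLS12: Version = (3, 3)


@dataclass
class Session:
    session_id: bytes
    version: Version


@dataclass
class Server:
    max_version: Version
    cache: Dict[bytes, Session] = field(default_factory=dict)

    def hello(self, client_version: Version, session_id: bytes):
        """Return (server_version, session_id, 'resume' | 'full')."""
        # RFC 5246 7.4.1.3: server_version is the lower of the version the
        # client offered and the highest version the server supports.
        negotiated = min(client_version, self.max_version)
        cached = self.cache.get(session_id)
        if cached is not None and cached.version == negotiated:
            return negotiated, session_id, "resume"
        # Full handshake: mint a fresh session under the negotiated version.
        new_id = bytes([len(self.cache) + 1])  # toy session id, not random
        self.cache[new_id] = Session(new_id, negotiated)
        return negotiated, new_id, "full"


@dataclass
class Client:
    max_version: Version
    # "known":   on resumption, offer the version learned from the server
    #            last time (the RFC 5246 E.1 SHOULD quoted above).
    # "highest": always offer the client's own highest version.
    resume_policy: str = "known"
    session: Optional[Session] = None

    def offered_version(self) -> Version:
        if self.session is not None and self.resume_policy == "known":
            return self.session.version
        return self.max_version

    def connect(self, server: Server):
        """Return (offered, negotiated, 'resume' | 'full') for one handshake."""
        offered = self.offered_version()
        sid = self.session.session_id if self.session is not None else b""
        negotiated, new_sid, kind = server.hello(offered, sid)
        assert negotiated <= offered, "server must not pick a higher version"
        self.session = Session(new_sid, negotiated)
        return offered, negotiated, kind


def run_scenario(resume_policy: str, server_upgraded: bool, cache_kept: bool):
    """Client max TLS 1.2 talks to a server that starts at TLS 1.0.

    Returns the (offered, negotiated, kind) tuples of the first handshake
    and of the second (resumption attempt), after optionally upgrading the
    server and/or flushing its session cache in between.
    """
    server = Server(max_version=TLS10)
    client = Client(max_version=TLS12, resume_policy=resume_policy)
    first = client.connect(server)
    if server_upgraded:
        server.max_version = TLS12
    if not cache_kept:
        server.cache.clear()
    second = client.connect(server)
    return first, second


if __name__ == "__main__":
    for policy in ("known", "highest"):
        for upgraded, kept in ((False, True), (True, False), (True, True)):
            print(policy, upgraded, kept, run_scenario(policy, upgraded, kept))
```

With the server unchanged and its cache intact, both policies resume: offering TLS 1.2 is harmless because the server clamps it to TLS 1.0, which matches the cached session. The difference shows when the server has been upgraded and the session is gone: the "known" client is stuck doing a full handshake at TLS 1.0, while the "highest" client gets a full handshake at TLS 1.2, which is the point made in the reply. Note that TLS 1.3 (RFC 8446) sidesteps the question by having the client list every version it supports in the supported_versions extension rather than a single client_version.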