[TLS] RFC 6347 - Section 4.2.1 - used version in a HelloVerifyRequest

Achim Kraus <achimkraus@gmx.net> Mon, 23 November 2020 16:45 UTC

To: "tls@ietf.org" <tls@ietf.org>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <b6249d59-5bdc-c71f-7580-cf6133769ac2@gmx.net>
Date: Mon, 23 Nov 2020 17:45:04 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rQ3El3ROKTN0rpzhRpJCaKOrUyU>

Dear list,

according to https://tools.ietf.org/html/rfc6347#section-4.2.1

"The server_version field ...
DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless
of the version of TLS that is expected to be negotiated. ...
The server MUST use the same version number in the HelloVerifyRequest
that it would use when sending a ServerHello. ...
"

For me that seems to be ambiguous.

I checked two other implementations (openssl sends 1.0, mbedtls sends
1.2) and it seems to be not clear there as well.

So, which version should a "DTLS 1.2 only server" send in its
HelloVerifyRequest?

best regards
Achim Kraus
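The exchange the question is about, as an added worked example; this is not code from the post, from OpenSSL or from mbedTLS. It encodes a DTLS HelloVerifyRequest (server_version plus a cookie) inside the DTLS handshake header, builds the cookie the stateless way RFC 6347 section 4.2.1 suggests (an HMAC over the client address and ClientHello parameters), and shows the client-side rule from the same section: the version in the HelloVerifyRequest is used only to indicate packet formatting, which is identical for DTLS 1.0 and 1.2, so a client must accept either value and must not treat it as the negotiated version. The server_version the demo sends defaults to DTLS 1.0, the RFC's SHOULD. The secret, client address, client random and cipher suite list are constructed for the example.

```python
import hashlib
import hmac

# ProtocolVersion values on the wire; DTLS uses the 1's complement of the TLS version.
DTLS_1_0 = bytes([254, 255])  # 0xfeff
DTLS_1_2 = bytes([254, 253])  # 0xfefd
HT_HELLO_VERIFY_REQUEST = 3   # HandshakeType hello_verify_request


def make_cookie(secret: bytes, client_addr: str, client_params: bytes) -> bytes:
    """Stateless cookie in the shape RFC 6347 4.2.1 suggests,
    HMAC(Secret, Client-IP, Client-Parameters); 32 bytes fits the 1-byte length."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    mac.update(client_addr.encode())
    mac.update(client_params)
    return mac.digest()


def verify_cookie(secret: bytes, client_addr: str, client_params: bytes, cookie: bytes) -> bool:
    """Server side: recompute the cookie and compare in constant time."""
    return hmac.compare_digest(make_cookie(secret, client_addr, client_params), cookie)


def build_hello_verify_request(server_version: bytes, cookie: bytes) -> bytes:
    """HelloVerifyRequest body: ProtocolVersion server_version; opaque cookie<0..2^8-1>."""
    if len(server_version) != 2 or len(cookie) > 255:
        raise ValueError("bad server_version or cookie length")
    return server_version + bytes([len(cookie)]) + cookie


def parse_hello_verify_request(body: bytes) -> tuple[bytes, bytes]:
    """Returns (server_version, cookie); rejects a body whose length disagrees with the cookie length."""
    if len(body) < 3 or len(body) != 3 + body[2]:
        raise ValueError("malformed HelloVerifyRequest body")
    return body[:2], body[3:]


def wrap_handshake(msg_type: int, message_seq: int, body: bytes) -> bytes:
    """DTLS Handshake header: msg_type(1) length(3) message_seq(2)
    fragment_offset(3) fragment_length(3); the message is sent unfragmented here."""
    n = len(body)
    return (bytes([msg_type]) + n.to_bytes(3, "big") + message_seq.to_bytes(2, "big")
            + (0).to_bytes(3, "big") + n.to_bytes(3, "big") + body)


def unwrap_handshake(msg: bytes) -> tuple[int, int, bytes]:
    """Returns (msg_type, message_seq, body) for an unfragmented handshake message."""
    if len(msg) < 12:
        raise ValueError("truncated handshake header")
    msg_type = msg[0]
    length = int.from_bytes(msg[1:4], "big")
    message_seq = int.from_bytes(msg[4:6], "big")
    frag_off = int.from_bytes(msg[6:9], "big")
    frag_len = int.from_bytes(msg[9:12], "big")
    if frag_off != 0 or frag_len != length or len(msg) != 12 + length:
        raise ValueError("fragmented or truncated handshake message")
    return msg_type, message_seq, msg[12:]


def client_accepts_hvr_version(version: bytes) -> bool:
    """RFC 6347 4.2.1: the client uses server_version in the HelloVerifyRequest
    solely to indicate packet formatting (the same for DTLS 1.0 and 1.2) and
    MUST NOT take it as the negotiated version. A DTLS 1.2-only client therefore
    accepts either value and leaves version selection to the ServerHello."""
    return version in (DTLS_1_0, DTLS_1_2)


def demo_exchange(server_version: bytes = DTLS_1_0) -> tuple[bool, bytes]:
    """Cookie round trip between a stateless server and a client. Inputs are constructed."""
    secret = b"server cookie secret, rotated periodically (constructed)"
    client_addr = "192.0.2.10:5684"
    client_params = bytes(range(32)) + bytes([0x00, 0x02, 0xC0, 0x2B])  # random + cipher_suites
    # Server: the first ClientHello carries an empty cookie; answer with HVR, keep no state.
    cookie = make_cookie(secret, client_addr, client_params)
    hvr = wrap_handshake(HT_HELLO_VERIFY_REQUEST, 0,
                         build_hello_verify_request(server_version, cookie))
    # Client: parse, treat the version as format-only, echo the cookie in a new ClientHello.
    msg_type, _seq, body = unwrap_handshake(hvr)
    if msg_type != HT_HELLO_VERIFY_REQUEST:
        raise ValueError("expected HelloVerifyRequest")
    version, echoed = parse_hello_verify_request(body)
    if not client_accepts_hvr_version(version):
        return False, version
    # Server: validate the echoed cookie against the same address and parameters.
    return verify_cookie(secret, client_addr, client_params, echoed), version
```

demo_exchange() succeeds with either DTLS_1_0 or DTLS_1_2 in the HelloVerifyRequest, which is the practical consequence of the client-side rule: whichever of the two values a DTLS 1.2-only server chooses, a conforming client will continue the handshake and read the actual version from the ServerHello. A client that rejects one of the two values is the interoperability failure to watch for.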