
RE: [TLS] Last Call: <draft-ietf-tls-ssl2-must-not-03.txt> (Prohibiting SSL Version 2.0) to Proposed Standard

2010-12-02 08:02:14
Michael D'Errico [mailto:mike-list(_at_)pobox(_dot_)com] writes:

Glen Zorn wrote:
Section 3 says "TLS clients MUST NOT send SSL 2.0 CLIENT-HELLO messages." and "TLS servers MUST NOT negotiate or use SSL 2.0" and later "TLS servers that do not support SSL 2.0 MAY accept version 2.0 CLIENT-HELLO messages as the first message of a TLS handshake for interoperability with old clients." Taken together, I find these statements quite confusing, if not outright self-contradictory.  Maybe a "However" might fix the problem, though:

    TLS servers MUST NOT negotiate or use SSL 2.0; however, TLS servers
    MAY accept SSL 2.0 CLIENT-HELLO messages as the first message of a
    TLS handshake in order to maintain interoperability with legacy
    clients.

Glen,

There is no contradiction among the statements, but they may be confusing (I can't tell anymore since I've gone through the drafts several times).

Maybe I just don't understand the word "use".  It seems like if a server
accepts a protocol message it's using the protocol...

...

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
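The distinction the thread turns on, "accepting" an SSL 2.0 CLIENT-HELLO message versus "negotiating or using" SSL 2.0, is easiest to see in code. The following is an added example, not code from the draft, the IETF, or any of the posters: a server-side decision routine that parses the SSL 2.0-format CLIENT-HELLO (the V2ClientHello layout from RFC 5246 Appendix E.2) and either continues with a TLS handshake or aborts, but never answers with an SSL 2.0 SERVER-HELLO. The function and constant names, and the sample client messages, are constructed for illustration.

```python
"""Server-side handling of the first handshake message, following the
RFC 6176 rule discussed in the thread: a TLS server may *accept* an
SSL 2.0-format CLIENT-HELLO as the first message, but must never
*negotiate* SSL 2.0, i.e. it never answers with an SSL 2.0 SERVER-HELLO.
The V2ClientHello layout is the one in RFC 5246 Appendix E.2.  All
sample messages below are constructed, not captured from real clients."""
import struct

TLS_HANDSHAKE_CONTENT_TYPE = 0x16   # first byte of a TLS handshake record
V2_CLIENT_HELLO = 0x01              # SSL 2.0 msg_type for CLIENT-HELLO


def parse_v2_client_hello(data: bytes) -> dict:
    """Parse an SSL 2.0 record (2-byte header form) carrying a CLIENT-HELLO."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an SSL 2.0 record with a 2-byte header")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) != rec_len or rec_len < 9:
        raise ValueError("truncated SSL 2.0 record")
    if body[0] != V2_CLIENT_HELLO:
        raise ValueError("SSL 2.0 message is not a CLIENT-HELLO")
    major, minor, cs_len, sid_len, ch_len = struct.unpack("!BBHHH", body[1:9])
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != rec_len:
        raise ValueError("inconsistent CLIENT-HELLO length fields")
    specs = body[9:9 + cs_len]
    return {
        "version": (major, minor),  # highest protocol version the client offers
        "cipher_specs": [specs[i:i + 3] for i in range(0, cs_len, 3)],
        "session_id": body[9 + cs_len:9 + cs_len + sid_len],
        "challenge": body[9 + cs_len + sid_len:],
    }


def tls_suites_in(hello: dict) -> list:
    """TLS suites are encoded as {0x00, hi, lo} in a V2ClientHello; genuine
    SSL 2.0 cipher kinds have a non-zero first byte and are dropped here."""
    return ["%02x%02x" % (cs[1], cs[2]) for cs in hello["cipher_specs"] if cs[0] == 0x00]


def server_policy(first_message: bytes) -> dict:
    """What a server that does not support SSL 2.0 does with the first bytes
    on the wire.  'continue_tls' means: reply with a TLS ServerHello record
    (never an SSL 2.0 SERVER-HELLO); 'abort' means close the connection."""
    if not first_message:
        raise ValueError("empty message")
    if first_message[0] == TLS_HANDSHAKE_CONTENT_TYPE:
        return {"format": "tls_record", "action": "continue_tls"}
    if first_message[0] & 0x80:
        hello = parse_v2_client_hello(first_message)
        suites = tls_suites_in(hello)
        # Accepting the message is allowed; negotiating SSL 2.0 is not.  Go on
        # only if the client offers SSL 3.0 or later and at least one TLS suite.
        action = "continue_tls" if hello["version"] >= (3, 0) and suites else "abort"
        return {"format": "v2_client_hello", "action": action,
                "client_version": hello["version"], "tls_suites": suites}
    raise ValueError("unrecognised first message")


def build_v2_client_hello(version, cipher_specs, challenge: bytes) -> bytes:
    """Helper used only to construct sample inputs in the RFC 5246 E.2 layout."""
    specs = b"".join(cipher_specs)
    body = bytes([V2_CLIENT_HELLO]) + struct.pack(
        "!BBHHH", version[0], version[1], len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack("!H", 0x8000 | len(body)) + body


# Constructed samples (hypothetical clients).
SSL2_RC4_128_MD5 = b"\x01\x00\x80"     # an SSL 2.0 cipher kind
TLS_RSA_AES128_SHA = b"\x00\x00\x2f"   # TLS suite 0x002f
TLS_RSA_3DES_SHA = b"\x00\x00\x0a"     # TLS suite 0x000a
CHALLENGE = bytes(range(16))

# A legacy client that speaks TLS 1.0 but still sends the SSL 2.0 hello format.
LEGACY_TLS_CLIENT = build_v2_client_hello(
    (3, 1), [SSL2_RC4_128_MD5, TLS_RSA_AES128_SHA, TLS_RSA_3DES_SHA], CHALLENGE)
# A client that only speaks SSL 2.0.
PURE_SSL2_CLIENT = build_v2_client_hello((0, 2), [SSL2_RC4_128_MD5], CHALLENGE)
# Start of an ordinary TLS handshake record (only the first byte matters here).
TLS_FIRST_RECORD = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"

if __name__ == "__main__":
    for name, msg in [("legacy TLS client", LEGACY_TLS_CLIENT),
                      ("pure SSL 2.0 client", PURE_SSL2_CLIENT),
                      ("TLS record", TLS_FIRST_RECORD)]:
        print(name, "->", server_policy(msg))
```

The point the example makes is the one Glen asks about: the server reads and parses a message in the SSL 2.0 format (it "accepts" it), but the only outcomes are a TLS handshake at version 3.0 or higher, or an abort. At no point does it emit an SSL 2.0 SERVER-HELLO or pick an SSL 2.0 cipher kind, so SSL 2.0 is never "negotiated or used".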