Martin Rex [mailto:mrex(_at_)sap(_dot_)com] writes:
Glen Zorn wrote:
Glen Zorn wrote:
Section 3 says "TLS clients MUST NOT send SSL 2.0 CLIENT-HELLO
messages."
and "TLS servers MUST NOT negotiate or use SSL 2.0" and later "TLS
servers
that do not support SSL 2.0 MAY accept version 2.0 CLIENT-HELLO
messages as
the first message of a TLS handshake for interoperability with old
clients."
Taken together, I find these statements quite confusing, if not
outright
self-contradictory. Maybe, a "However" might fix the problem,
though:
TLS servers MUST NOT negotiate or use SSL 2.0; however, TLS
servers
MAY accept SSL 2.0 CLIENT-HELLO messages as the first
message of a
TLS handshake in order to maintain interoperability with
legacy
clients.
Maybe I just don't understand the word "use". It seems like if a
server
accepts a protocol message it's using the protocol...
With "negotiate" I meant returning a ServerHello handshake message with
that version number (neither an SSL 2.0 SERVER-HELLO, nor an SSLv3
ServerHello with a server version of { 0x02,0x00 }).
With "use" I meant to successfully complete the handshake and start
exchanging application data protected under protocol version
{0x02,0x00}.
Maybe you could spell these things out in the draft just as you have above?
The Server accepts the SSL 2.0 CLIENT-HELLO protocol data unit (PDU),
but not the SSL 2.0 protocol.
I see. Perhaps the distinction between PDU and "protocol" is just too
subtle for me, but assuming (maybe too generously ;-) that I'm not a total
moron, others might find it a little bit confusing as well.
If there are no SSLv3 or TLS cipher
suites in that CLIENT-HELLO, or if the (version) field of the
SSL 2.0 CLIENT-HELLO does not indicate at least 3.0, then the server
still MUST abort.
-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf