Section 3 says "TLS clients MUST NOT send SSL 2.0 CLIENT-HELLO messages." and "TLS servers MUST NOT negotiate or use SSL 2.0" and later "TLS servers that do not support SSL 2.0 MAY accept version 2.0 CLIENT-HELLO messages as the first message of a TLS handshake for interoperability with old clients." Taken together, I find these statements quite confusing, if not outright self-contradictory. Maybe a "However" might fix the problem, though:

    TLS servers MUST NOT negotiate or use SSL 2.0; however, TLS servers MAY accept SSL 2.0 CLIENT-HELLO messages as the first message of a TLS handshake in order to maintain interoperability with legacy clients.
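
The distinction between the quoted statements, as an added example that is not part of the original message: a server can parse a first message that arrives in the version 2 CLIENT-HELLO format and still never negotiate SSL 2.0. The byte layout follows RFC 5246 Appendix E.2; the function names, return strings and sample hellos are assumptions constructed for illustration.

```python
import struct

V2_CLIENT_HELLO = 1  # msg_type of a version 2 format CLIENT-HELLO


def build_v2_client_hello(version, cipher_specs, challenge):
    """Constructed sample input: a hello in the version 2 wire format."""
    body = struct.pack("!BBBHHH", V2_CLIENT_HELLO, version[0], version[1],
                       len(cipher_specs), 0, len(challenge))
    body += cipher_specs + challenge
    # 2-byte SSL 2.0 record header: high bit set, 15-bit body length
    return struct.pack("!H", 0x8000 | len(body)) + body


def first_message_action(data):
    """Decide what a TLS server does with the client's complete first record."""
    if len(data) < 5:
        return "abort: short read"
    # Ordinary record layer: content type 22 (handshake), major version 3
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls: record-layer ClientHello"
    if not data[0] & 0x80 or data[2] != V2_CLIENT_HELLO:
        return "abort: not a ClientHello"
    (header,) = struct.unpack("!H", data[:2])
    if header & 0x7FFF != len(data) - 2 or len(data) < 11:
        return "abort: bad v2 record length"
    spec_len, sid_len, chal_len = struct.unpack("!HHH", data[5:11])
    if spec_len % 3 or 11 + spec_len + sid_len + chal_len != len(data):
        return "abort: inconsistent v2 hello lengths"
    # Accepting the *format* is allowed; negotiating the *protocol* is not.
    # A client whose highest offered version is below 3.0 speaks only SSL 2.0.
    if (data[3], data[4]) < (3, 0):
        return "abort: client offers only SSL 2.0"
    return "tls: v2-format hello accepted, answer with a TLS ServerHello"


if __name__ == "__main__":
    challenge = bytes(16)                      # constructed, all zero
    specs = b"\x00\x00\x2f"                    # one 3-byte v2 cipher spec
    legacy_tls = build_v2_client_hello((3, 1), specs, challenge)
    ssl2_only = build_v2_client_hello((0, 2), specs, challenge)
    modern = b"\x16\x03\x01\x00\x2a" + bytes(42)
    for name, msg in [("v2 format, offers TLS 1.0", legacy_tls),
                      ("v2 format, offers SSL 2.0", ssl2_only),
                      ("TLS record", modern)]:
        print(f"{name}: {first_message_action(msg)}")
```
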