Glen Zorn wrote:
>
> > Glen Zorn wrote:
> > > Section 3 says "TLS clients MUST NOT send SSL 2.0 CLIENT-HELLO
> > messages."
> > > and "TLS servers MUST NOT negotiate or use SSL 2.0" and later "TLS
> > servers
> > > that do not support SSL 2.0 MAY accept version 2.0 CLIENT-HELLO
> > messages as
> > > the first message of a TLS handshake for interoperability with old
> > clients."
> > > Taken together, I find these statements quite confusing, if not
> > outright
> > > self-contradictory. Maybe, a "However" might fix the problem, though:
> > >
> > > TLS servers MUST NOT negotiate or use SSL 2.0; however, TLS
> > servers
> > > MAY accept SSL 2.0 CLIENT-HELLO messages as the first message of a
> > > TLS handshake in order to maintain interoperability with legacy
> > > clients.
>
> Maybe I just don't understand the word "use". It seems like if a server
> accepts a protocol message it's using the protocol...
With "negotiate" I meant returning a ServerHello handshake message with
that version number (neither an SSL 2.0 SERVER-HELLO, nor an SSLv3
ServerHello with a server version of { 0x02,0x00 }).
With "use" I meant to successfully complete the handshake and start
exchanging application data protected under protocol version {0x02,0x00}.
The Server accepts the SSL 2.0 CLIENT-HELLO protocol data unit (PDU),
but not the SSL 2.0 protocol. If there are no SSLv3 or TLS cipher
suites in that CLIENT-HELLO, or if the (version) field of the
SSL 2.0 CLIENT-HELLO does not indicate at least 3.0, then the server
still MUST abort.
-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf