On Thu, Jan 22, 2015 at 12:07 PM, Hubert Kario <hkario@xxxxxxxxxx> wrote:
> On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:
>> Martin Rex wrote:
>> > Rubber-Stamping the fallback-scsv hack onto the standards track is
>> > IMHO a very bad idea.
>>
>> I apologize if this has been discussed before (I have about 1400
>> unread TLS mailing list messages in my queue), but it seems that
>> a simpler SCSV or extension could just ask the server to echo its
>> highest supported version:
>>
>>    ClientHello w/SCSV  ----->
>>                        <-----  ServerHello w/version extension
>
> that's not allowed by the RFC's, the server can send back only the extension
> id's client has sent

Not quite; cf RFC 5746 (Renegotiation Indication Extension), where the
client may use the SCSV TLS_EMPTY_RENEGOTIATION_INFO_SCSV instead of the
renegotiation_info extension in its ClientHello, but the server will
reply with the renegotiation_info extension.

/grubba

-- 
Henrik Grubbström grubba@xxxxxxxxxx
Roxen Internet Software AB grubba@xxxxxxxxx
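
The rule and the exception discussed in this thread, as an added example that is not part of any of the messages above: a client-side check that flags ServerHello extensions the ClientHello did not solicit, treating TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) as having offered renegotiation_info (0xFF01) per RFC 5746. The function names, the sample extension blocks and the extension type 0xFDE8 are constructed for illustration.

```python
import struct

# Code points from RFC 5746.
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
EXT_RENEGOTIATION_INFO = 0xFF01

def parse_extension_types(block):
    """Extension types in a TLS extensions block: 2-byte total length, then type/len/data."""
    if len(block) < 2:
        raise ValueError("truncated extensions block")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    types, off = [], 2
    while off < len(block):
        if off + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        off += 4
        if off + ext_len > len(block):
            raise ValueError("truncated extension body")
        types.append(ext_type)
        off += ext_len
    return types

def unsolicited_extensions(client_suites, client_ext_types, server_ext_block):
    """ServerHello extension types that nothing in the ClientHello solicited."""
    allowed = set(client_ext_types)
    # RFC 5746: the SCSV in the cipher suite list stands in for renegotiation_info.
    if TLS_EMPTY_RENEGOTIATION_INFO_SCSV in client_suites:
        allowed.add(EXT_RENEGOTIATION_INFO)
    return [t for t in parse_extension_types(server_ext_block) if t not in allowed]

def ext(ext_type, data):
    """Encode one extension (helper for the constructed samples)."""
    return struct.pack("!HH", ext_type, len(data)) + data

def block(*exts):
    """Wrap encoded extensions in the 2-byte length prefix."""
    body = b"".join(exts)
    return struct.pack("!H", len(body)) + body

# Constructed sample: initial handshake, empty renegotiated_connection.
SERVER_RENEG_ONLY = block(ext(EXT_RENEGOTIATION_INFO, b"\x00"))
# Constructed sample: same, plus a made-up extension type 0xFDE8 that was never offered.
SERVER_WITH_EXTRA = block(ext(EXT_RENEGOTIATION_INFO, b"\x00"), ext(0xFDE8, b"\x03\x03"))
```

A non-empty result is the case where RFC 5246 has the client abort the handshake with an unsupported_extension alert.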