Re: [TLS] Questions about TLS Server Name Indication extension


Michael D'Errico wrote:

> But that brings up a subtle point.  What if the client originally
> connected offering a higher version than I support?  When it tries
> to resume a session, should it use the version it originally sent
> in the ClientHello, or the lower version that was negotiated?
> 
> I would think that the client should be allowed to specify the same
> version number it originally connected with.
> 
> I searched through RFC 5246 but could not find a discussion of this.
> Did I miss it?  What do others think should happen?

RFC 5246 does say:

   Whenever a client already knows the highest protocol version known to
   a server (for example, when resuming a session), it SHOULD initiate
   the connection in that native protocol.

"SHOULD" seems to allow both cases (and since the server might fall
back to full handshake, perhaps it would be better to send the
highest version supported by the client...).

Best regards,
Pasi
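
The trade-off Pasi describes, as an added toy model (not code from this thread or from any TLS implementation): a server that resumes a cached session only when the version it selects matches the session's version, run against the two client strategies (offer the session's version, or offer the client's highest). The session cache, the `min()` version selection and the session-id scheme are simplifying assumptions.

```python
# Toy model of TLS 1.2 version selection with session resumption, added to
# illustrate the two client strategies discussed above; not code from any
# real TLS stack. Modelling assumption: the server resumes a cached session
# only if the version it selects for this ClientHello equals the session's
# version; otherwise it runs a full handshake at the selected version.

TLS11, TLS12 = (3, 2), (3, 3)

class Server:
    def __init__(self, max_version):
        self.max_version = max_version
        self.cache = {}       # session_id -> version negotiated for it
        self._next = 0

    def hello(self, client_version, session_id=None):
        """Return (version, session_id, resumed). The server selects the
        lower of the client's offered version and its own maximum."""
        version = min(client_version, self.max_version)
        if session_id in self.cache and self.cache[session_id] == version:
            return version, session_id, True
        self._next += 1
        self.cache[f"s{self._next}"] = version
        return version, f"s{self._next}", False

def client_hello(server, client_max, session=None, strategy="session"):
    """Resume session=(id, version) offering either the version negotiated
    earlier ('session', the RFC 5246 E.1 SHOULD) or the client's highest."""
    if session is None or strategy == "highest":
        return server.hello(client_max, session and session[0])
    return server.hello(session[1], session[0])

def run_scenarios():
    """Client supports TLS 1.2; the server starts out at TLS 1.1 only."""
    srv, out = Server(TLS11), {}
    v, sid, _ = client_hello(srv, TLS12)           # first contact -> s1
    sess = (sid, v)
    out["first"] = (v, sid)
    # Unchanged server: either strategy resumes the TLS 1.1 session.
    out["resume"] = client_hello(srv, TLS12, sess, "highest")
    # Upgraded server: session version resumes; highest forces full handshake.
    srv.max_version = TLS12
    out["upgraded_session"] = client_hello(srv, TLS12, sess, "session")
    out["upgraded_highest"] = client_hello(srv, TLS12, sess, "highest")
    # Session gone from the cache: a full handshake happens either way, but
    # offering the old version needlessly negotiates TLS 1.1 again.
    srv.cache.clear()
    out["expired_session"] = client_hello(srv, TLS12, sess, "session")
    out["expired_highest"] = client_hello(srv, TLS12, sess, "highest")
    return out
```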
