Martin Rex wrote:

There may be SSLv3 servers out there that choke on extension data in the ClientHello. But that doesn't mean that one could not upgrade SSLv3 servers to support TLS extensions. The more interesting question is IMHO -- which TLS clients will choke when an SSLv3 server returns a ServerHello extension? Spec-wise, a ServerHello extension is as unusual to SSLv3 as it is to TLSv1.0.

Why would that situation arise? For that to happen, an SSL server library would have to be upgraded to support extensions but not to support TLS. Are there any SSL-only libraries being actively maintained?

This is unlikely to work, because at least some clients (Opera being one) will never send Extensions to an SSL v3 server. In fact, Opera will not attempt Extensions to a server until it knows it is dealing with a TLS 1.0+ server, because we know there are TLS 1.0 servers that do not accept Extensions (see http://tools.ietf.org/html/draft-ietf-tls-interoperability-00 ).

--
Sincerely,
Yngve N. Pettersen

Senior Developer, Opera Software ASA
Email: yngve at opera.com
http://www.opera.com/
Phone: +47 24 16 42 60
Fax: +47 24 16 40 01
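
The interoperability problem discussed in this thread comes down to where extension data sits in a ClientHello: it is appended after `compression_methods`, so a parser that expects the message to end there sees unexpected trailing bytes. The following sketch is an added example, not code from the thread or from any TLS library; the `reject_trailing` flag is a hypothetical switch that models an extension-intolerant server, and the sample messages are constructed.

```python
import struct

def build_client_hello(version, extensions=None):
    """Constructed ClientHello body (handshake header omitted) for testing."""
    body = struct.pack("!H", version) + bytes(32)   # client_version, random
    body += b"\x00"                                  # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"       # one cipher suite
    body += b"\x01\x00"                              # null compression only
    if extensions is not None:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext    # extensions block
    return body

def parse_client_hello(body, reject_trailing=False):
    """Parse a ClientHello body.

    reject_trailing=True (hypothetical) models a server that treats any
    bytes after compression_methods as a malformed message.
    """
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = struct.unpack("!H", take(2))[0]
    take(32)                                         # random
    take(take(1)[0])                                 # session_id
    take(struct.unpack("!H", take(2))[0])            # cipher_suites
    take(take(1)[0])                                 # compression_methods
    extensions = []
    if pos < len(body):
        if reject_trailing:
            raise ValueError("unexpected data after compression_methods")
        ext_total = struct.unpack("!H", take(2))[0]
        if pos + ext_total != len(body):
            raise ValueError("extensions length mismatch")
        while pos < len(body):
            ext_type, ext_len = struct.unpack("!HH", take(4))
            extensions.append((ext_type, take(ext_len)))
    return {"version": version, "extensions": extensions}
```
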