On 25 December 2015 at 03:03, <cinap_lenrek@felloff.net> wrote:

> the functionality that is desired is to be able to "negotiate" the
> cipher suites and record layer protocol versions.

I could never work up much enthusiasm for TLS because it is needlessly big and complex, but still got important things wrong.
I never saw the advantage of TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA as opposed to exchanging a few bits of text,
allowing easy extension of the protocol to the occasional new protocol.

The main reason for using it for 9P would be to make it easier to communicate with 9P services running on other platforms,
but my experience with Java was that in the end, the service provider factories couldn't make anything I wanted to use.
In particular, I couldn't replace the dreadful CA-oriented x.509 certificates and asn.1 by something else. Anything, really.
I also wasn't given planning permission to build my own factory. You get all the bugs, though.