From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 24100 invoked from network); 25 Jan 2023 17:08:40 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 25 Jan 2023 17:08:40 -0000 Received: from mail-ej1-f54.google.com ([209.85.218.54]) by 9front; Wed Jan 25 12:07:32 -0500 2023 Received: by mail-ej1-f54.google.com with SMTP id hw16so49360732ejc.10 for <9front@9front.org>; Wed, 25 Jan 2023 09:07:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=tllQ/+Dm8vZUI/SstisC/HIdSsis3nO4ub3pL2f/hdk=; b=hYXwLxqTvO2aKbxO2cL0SQ6jR6nduYm8ZQqPjSKNY+qcNPKmWFjgnkgoGV4tokjpRa 7mHHEOaSRmcyHsrg49JzYJQkaIhvhhfWmSAL13PMKdtMXxXrl0OrYcSOquLjDnHDCdyg mBkxSXNzSF9od9X4qQW2O/XV83bb1m/SGdZHXchIBsOqawnnZHgkFYtNkIlKSl4QsUuw 5kP8XYpF7tDCUjUH3egwRlk1Y+CD/Z2G8LimoAULOjSi2kiX6VetagbjyugHH3VGM8tF j28iPgsL3tjAoWHuGClcU7srHXJXP0GlVSxUFP9pglqP8qCsNKPNgdmsqyUktOmWGkd2 /JOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tllQ/+Dm8vZUI/SstisC/HIdSsis3nO4ub3pL2f/hdk=; b=M0PIFAL2HjPYunCm33RHdi2b6OEcOtPR6xX5K8QL/pGkyJnz/tcN3nYSp1J700FeYm a6FQhOasv6HTKpkI3a+LiUGGxulF1M/a1qxRbuTaApWxwU34X0YvooZpGaBnDW10RjkI OXCCz/0pz+M+KJwWJR56agGtQmpm4qZ9cXaUAwv5AdBY3VsjlCgfGd9ht0I1d94aDs90 5hDMbNzcwUp2sTuKZ+Ybudmb7TKTt50AF8iV8xTYYWF0kTd/RSm+c5RPkQLRt6QG4ANK r2XzXKpfDihs6Js9kFURqhr+DIdhPvbjqs4Ts4CxQ0SUFpIV+m9yLKMyNrL7fHVV2rO2 2WhA== X-Gm-Message-State: AFqh2kr+VNkM/N3Zg5boP3RVi2YgZIZT9uqtPby8IlhK+covXg1IB821 UrdAhjgitFOW+DlHqwwOYBBISDzeIvpP+TgaX6INWQasl+JqmA== X-Google-Smtp-Source: AMrXdXue3pZBIj3m1K59UNU1CjXdYGGjQ8dJPnMKsDm5p2WopoWIFsCErTU3WB64vr8o+0jyHICny1CJfSBF0dvXk44= X-Received: by 2002:a17:906:40d7:b0:836:e897:648a with SMTP id a23-20020a17090640d700b00836e897648amr3718108ejk.94.1674666446930; Wed, 25 Jan 2023 09:07:26 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:7208:459d:b0:61:3d4f:f307 with HTTP; Wed, 25 Jan 2023 09:07:26 -0800 (PST) In-Reply-To: References: <87988F72F1C2D20B16DE8DA47FB8C262@alice> From: kemal Date: Wed, 25 Jan 2023 17:07:26 +0000 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: non-blocking template WEB2.0 enhancement plugin Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension Reply-To: 9front@9front.org Precedence: bulk 2023-01-25 16:39 GMT, hiro <23hiro@gmail.com>: > i dont know enough. what is the actual minimum tls version enforced > by clients (i.e. no downgrade attacks possible) > > seems useless to even twitch that tls1.3 finger until they make sure > downgrades to 1.2 arent possible (on our server side at least) > oh i see what you mean. if both server and client supports 1.3, there's no way of a downgrade. both sides will definitely use 1.3. so implementing tls1.3 could also work.