From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 7844 invoked from network); 26 Jan 2023 20:55:48 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 26 Jan 2023 20:55:48 -0000 Received: from mail-vs1-f45.google.com ([209.85.217.45]) by 9front; Thu Jan 26 15:54:23 -0500 2023 Received: by mail-vs1-f45.google.com with SMTP id i188so3252072vsi.8 for <9front@9front.org>; Thu, 26 Jan 2023 12:54:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=+Jhh+xvWN8jsnu2Bb0Eohnz6aAUbyWZZIV6N4/0ASCI=; b=eKOa9833owNQuK0nCo5mVojWdENYXNJdmNQAJD2CZwlHIpyjQfyh3DXyZ5xWNAC2Ti A5phpPT3hNf8Lgv0ST+J6u/FuGJcP8hts4LWhEnUqzfaZE3bINXrW92lBm1sKkn/UeTz AIKvq1f1mM88p0Qdxlvlo3c0keUtCMuArMLDYDwYq10i9+d9/GjiEvVEtSgaHEzghoZ3 k6QPo5BvmBd/fozdu3NyJ99nnAN0oISLUM1cke5ziMorrn5ke6Vh0yIPGe/tq+YTncE8 QMuDpooyL8sT+I66kevLqc26nlBB+fUVRrc9l0/MZDHyNQjaJ5iWgIL2ELxqJv9JIyga /rPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+Jhh+xvWN8jsnu2Bb0Eohnz6aAUbyWZZIV6N4/0ASCI=; b=DktdVyUYhQRgCrPXWWsLm5fR9l0fpzGSf7BqB5ZtOlyqu4Mti5qotydv2xqHGtYRgm AFdG9lo4tAI60NnhMP+BfM6T00/JYWDKjOCD8IsZvaPcX38iXgOIo7ivhjl+FfGUFSPE UDn6quz9DIFPOcTU5HqQC/QRM8xTi91yLkPGIQhwbnjG76eQs84YJZT4rdhSbV5ADe3a 5knmWAG4qsjDRzjB9uaIdQV1Vzmea+NeAmbFnKaAXv9Xiz55fNmu600p3k0rAlvJ9wyR GeeuioCkfgvD31GCftCK8GMKZtq81AqEn6w7W7hFLkaUIGEUkz+YvaQ3JCZlcXgfrGtR YOvQ== X-Gm-Message-State: AFqh2koE/xbASLqq4nnKg7yeoJvVmIF/IwKKvMY8AmRYoyIIr6uaoVqB 7/5KViYWuNbl9F2NQEc5Tj0T4Z+5qMkKc3e1ySngadvo X-Google-Smtp-Source: AMrXdXscbynlAAG6CnYJLkMuA9XhSJWTaLUoNej7a+BT0FFcHWqQOFYRH7vNITMNkFlnAArwg+T7+aoGFsfw69eUGnk= X-Received: by 2002:a67:fd8b:0:b0:3d0:93b7:fab7 with SMTP id k11-20020a67fd8b000000b003d093b7fab7mr5092910vsq.56.1674766459777; Thu, 26 Jan 2023 12:54:19 -0800 (PST) MIME-Version: 1.0 Received: by 2002:ab0:5a66:0:0:0:0:0 with HTTP; Thu, 26 Jan 2023 12:54:19 -0800 (PST) In-Reply-To: References: <87988F72F1C2D20B16DE8DA47FB8C262@alice> From: hiro <23hiro@gmail.com> Date: Thu, 26 Jan 2023 21:54:19 +0100 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: persistence wrapper Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension Reply-To: 9front@9front.org Precedence: bulk i'm not sure what you're saying there. i think you don't understand the basics behind what a downgrade even is. me, i'm missing out on the details what the common clients out there demand to find as a minimum version. On 1/25/23, kemal wrote: > 2023-01-25 17:30 GMT, kemal : >> even if we tried to, the tls 1.3 spec mandates that the highest >> supported version must be stated as 1.2, and 1.3 support stated >> in a new extension. so i think we can't downgrade the handshake >> to 1.1 or 1.0. >> > actually, i'm wrong. > the client sends the first message. (clienthello) > so if we see that client supports at best 1.2, we could pretend > like we just support 1.1/1.0. but as i said before, the extension > can be used with 1.0 and 1.1, so this wouldn't help at all. >