From: "Frank D. Engel, Jr."
Date: Thu, 26 Jan 2023 16:52:25 -0500
To: 9front@9front.org
Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension

Most common web browsers and many servers have dropped support for
anything older than 1.2, so pretending to be 1.1 is not likely to be
useful regardless.

On 1/26/23 3:54 PM, hiro wrote:
> i'm not sure what you're saying there. i think you don't understand
> the basics behind what a downgrade even is.
>
> me, i'm missing out on the details what the common clients out there
> demand to find as a minimum version.
>
> On 1/25/23, kemal wrote:
>> 2023-01-25 17:30 GMT, kemal :
>>> even if we tried to, the tls 1.3 spec mandates that the highest
>>> supported version must be stated as 1.2, and 1.3 support stated
>>> in a new extension. so i think we can't downgrade the handshake
>>> to 1.1 or 1.0.
>>>
>> actually, i'm wrong.
>> the client sends the first message. (clienthello)
>> so if we see that client supports at best 1.2, we could pretend
>> like we just support 1.1/1.0. but as i said before, the extension
>> can be used with 1.0 and 1.1, so this wouldn't help at all.
>>
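An added example, not part of this thread or of the libsec patch: a server-side scan of a ClientHello body showing where the three signals discussed above live, namely legacy_version, the supported_versions extension (type 43) that carries TLS 1.3, and the RFC 5746 renegotiation signal (extension 0xff01 or cipher suite value 0x00ff). The names `scan_hello`, `struct hello` and `sample` are hypothetical, the bytes are constructed, and the code is standard C rather than Plan 9 C.

```c
#include <stdint.h>
#include <stdio.h>

struct hello { uint16_t legacy, best; int reneg; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Scan a ClientHello body starting at legacy_version; -1 if truncated or malformed. */
int scan_hello(const uint8_t *p, size_t n, struct hello *h)
{
	size_t o = 34, l, i;                     /* 34 = version + 32-byte random */
	if (n < 35) return -1;
	h->legacy = h->best = be16(p); h->reneg = 0;
	l = p[o++];                              /* session_id */
	if (n - o < l + 2) return -1;            /* +2: cipher_suites length field */
	o += l;
	l = be16(p + o); o += 2;                 /* cipher_suites */
	if ((l & 1) || n - o < l + 1) return -1;
	for (i = 0; i < l; i += 2)
		if (be16(p + o + i) == 0x00ff) h->reneg = 1;   /* RFC 5746 SCSV */
	o += l;
	l = p[o++];                              /* compression_methods */
	if (n - o < l) return -1;
	o += l;
	if (o == n) return 0;                    /* no extensions block */
	if (n - o < 2 || (l = be16(p + o)) != n - o - 2) return -1;
	for (o += 2; n - o >= 4; o += l) {
		uint16_t type = be16(p + o);
		l = be16(p + o + 2); o += 4;
		if (n - o < l) return -1;
		if (type == 0xff01) h->reneg = 1;    /* renegotiation_info extension */
		if (type == 43 && l >= 1 && (size_t)p[o] + 1 == l)   /* supported_versions */
			for (i = 1; i + 1 < l; i += 2)   /* only 0x03xx entries count, GREASE is skipped */
				if (p[o + i] == 3 && be16(p + o + i) > h->best) h->best = be16(p + o + i);
	}
	return o == n ? 0 : -1;
}

/* Constructed sample (not a capture): ClientHello body of a TLS 1.3-capable client. */
static const uint8_t sample[] = {
	0x03,0x03, [34] = 0x00,                  /* legacy_version 1.2, zero random, empty session_id */
	0x00,0x04, 0x13,0x01, 0x00,0xff, 0x01,0x00,   /* suites: TLS_AES_128_GCM_SHA256, SCSV; null compression */
	0x00,0x0e, 0x00,0x2b, 0x00,0x05, 0x04, 0x03,0x04, 0x03,0x03,   /* 14 ext bytes; supported_versions 1.3, 1.2 */
	0xff,0x01, 0x00,0x01, 0x00,              /* renegotiation_info, empty */
};

int main(void)
{
	struct hello h;
	if (scan_hello(sample, sizeof sample, &h) == 0)
		printf("legacy=%04x offered=%04x reneg=%d\n", h.legacy, h.best, h.reneg);
}
```

For the sample, legacy_version stays at 0x0303 while the highest offered version is 0x0304, and the renegotiation signal is independent of both.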