Harmonize the requirements for legacy_version. Fixes #1412#1415
Open
Harmonize the requirements for legacy_version. Fixes #1412#1415
Conversation
RFC 8446 required implementations to send a `protocol_version` alert for `legacy_version=0x0300` and allowed TLS 1.0 and TLS 1.1. This draft forbids those and locks down the `legacy_version` to 0x0303, but then required `illegal_parameter`. This change harmonizes the text and requires `protocol_version` to avoid requiring implementations to change. I see an argument for `illegal_parameter`, but I think avoiding change is better.
Contributor
Author
|
@debcooley for approval. @martinthomson @davidben for awareness. |
|
I approve.... (I'm sure there is some fancy way to do that, but this is quicker). |
kaduk
approved these changes
Apr 20, 2026
Contributor
kaduk
left a comment
kaduk
left a comment
There was a problem hiding this comment.
I kind of remember some discussions about only rejecting 0x300 (vs rejecting everything other than 0x0303 as we now do) back in the RFC 8446 days, but I am pretty sure that any points that were raised then have since been overtaken by events.
Contributor
Author
|
Note that this doesn't change whether you reject them, just the alert you send. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
RFC 8446 required implementations to send a
protocol_versionalert forlegacy_version=0x0300and allowed TLS 1.0 and TLS 1.1. This draft forbids those and locks down thelegacy_versionto 0x0303, but then requiredillegal_parameter. This change harmonizes the text and requiresprotocol_versionto avoid requiring implementations to change.I see an argument for
illegal_parameter, but I think avoiding change is better.