|
|
|
|
|
|
by nneonneo
2961 days ago
|
|
|
Per the TLS 1.3 RFC: > In previous versions of TLS, this field was used for version negotiation and represented the highest version number supported by the client. Experience has shown that many servers do not properly implement version negotiation, leading to "version intolerance" in which the server rejects an otherwise acceptable ClientHello with a version number higher than it supports. In TLS 1.3, the client indicates its version preferences in the "supported_versions" extension (Section 4.2.1) and the legacy_version field MUST be set to 0x0303, which is the version number for TLS 1.2. (See Appendix D for details about backward compatibility.) It's really too bad that the version field can't be used as a version field anymore, but thankfully the "extension" format is pretty flexible in that regard. |
|
|
Just like the version field.
I'm sure middlebox software is being updated as we speak to terminate connections with unknown versions in the „supported_versions“ extension.