Retry after inadequate security #627

Closed
wants to merge 2 commits into from

gregw (Contributor) commented Oct 9, 2014

This is a variation on #626
It switches the retry from to only be in the case of inadequate security.

Made cipher restrictions TLS1.2 specific.

Removed all "such as" examples and replaced with references to RFC

Made DHE or ECDHE the only acceptable key exchanges as I could not find
a precise definition of an ephemeral key exchange. Non-DHE or ECDHE ciphers
will have to be TLS 1.3 or rely on 9.2.3

Moved h1 backwards compatibility to 9.2.3 section.  Weak ciphers can
only be offered in a retry without h2.  If a client advertises a cipher
with h2, it must not subsequently reject it.

mnot (Member) commented Oct 10, 2014

Hey Greg - just a side note; please try to keep diffs on proposals for design issues as minimal as possible, so people can more easily evaluate what you're proposing. If you have editorial suggestions / cleanup that you'd like to do, that can go in a separate (editorial) pull.

Thanks,

gregw (Contributor Author) commented Oct 10, 2014

Mark,

noted. I tossed this one up a bit as I think the stricter/simpler write
up of 9.2.2 is closely related to having a robust handshake.... but I guess
it could also have been separate and probably should have been.

Anyway, sounds like I may have finally communicated my actual concerns and
I'm interested to see what Martin comes up with in his updated PR.

cheers


Greg Wilkins gregw@intalio.com @ Webtide - an Intalio subsidiary
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.

mnot (Member) commented Nov 24, 2014

Adopting #644.

@mnot mnot closed this Nov 24, 2014