
Issue 630173


Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Make the TLS 1.3 version fallback as short-lived as possible

Project Member Reported by davidben@chromium.org, Jul 21 2016

Issue description

Since TLS 1.3 will require a fallback (issue #630165), we will have to take on the task of finding version-intolerant servers, reaching out to administrators, finding the affected vendors, asking them to fix it, and then going back to administrators and asking them to take updates.

This will mostly be non-code changes and lots of the behind-the-scenes contacting people we did for the previous fallback, but filing this so I remember to do it. Also to add metrics in Chromium where we need it.

In addition, we should, with very, very careful safeguards (at minimum, gated on a field trial), lie in our ClientHello and advertise random high versions during periods when the TLSWG promises not to work on TLS 1.4.

Unlike the version-list extension proposal, it will require a ton of continuous manual care to keep from messing up, but we'll try it.
 
Status: Fixed (was: Assigned)
https://mailarchive.ietf.org/arch/msg/tls/xfCh7D7hISFs5x-eA0xHwksoLrc

As short-lived as possible? HOW ABOUT MAKING IT STAY GONE!?

Farewell, TLS version fallback. We said good-bye earlier, but now you probably won't be joining in the zombie apocalypse and we can close this bug.
:-D