Hubert,
On 10/23/2014 07:53, Hubert Kario wrote:
Are there phone/tablets which can't install any 3rd party browsers at all ?
AFAIK, iOS devices require you to use the system TLS stack.
I see, I didn't know.
But it still would seem that any second connection (fallback) would be
dictated by the browser implementation itself, and not the stack.
Anyway, the very fallback we are talking about here is a known
vulnerability.
It sounds like we want a browser that is current on vulnerability fixes,
except for this one.
I'm not saying it isn't. But it is behaviour that is expected by users.
I think most users are woefully unaware of any TLS connection retry /
fallback being done by the browser.
I think you meant to say that users expect the browser to continue to
work with all their legacy TLS-intolerant devices somehow.
That doesn't mean that a legacy mode of operation in the browser
wouldn't be an acceptable solution to them.
Do you have any pointer to the versions and data for this 99% / 89% ?
http://www.ietf.org/proceedings/90/slides/slides-90-tls-0.pdf
Thank you. The 11% of TLS 1.3 intolerant servers is scary indeed. Do we
have any idea which SSL stacks / server vendors are affected ?
Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
