Update

Matt Caswell matt at openssl.org
Mon May 20 14:49:21 UTC 2019


On 20/05/2019 15:23, Salz, Rich wrote:
>> I don't see it that way. As I understand it this is a completely different
>> protocol to standard TLS.
>
> That's an interesting point, but ... they use the SSL "name."

Which isn't even an IETF name...the IETF call it TLS ;-)

>> It is not intended to interoperate with it in any way.
> Is that true?  I didn't look closely at the protocol changes, but maybe you're right.  On the other hand, if so, then why keep the existing IETF numbers?


That was my understanding.

But perhaps Paul Yang can confirm?

>> As a completely different protocol they can use whatever codepoints they want to
>> use as they see fit - and there is no conflict with IETF specifications.
>
> If you are correct, then yes I agree.  But that makes any OpenSSL integration that much harder, doesn't it?  Would the project take on the work of making things like the apps and tests work?  In particular, a new global flag saying "tnssl" (or such), and failing to interop with existing TLS, checking the modified cipher suites (and disallowing them for real TLS), etc.
>
>
Yes, we would have to take care that the two really are separate.

Matt



