Update
Kurt Roeckx
kurt at roeckx.be
Mon May 20 19:01:46 UTC 2019
On Mon, May 20, 2019 at 10:21:45AM -0700, Paul Yang wrote:
>
> The Chinese modified TLS protocol is not intended to interoperate with any other TLS protocols. The cipher suites defined in this protocol should not be used with the standard IETF TLS. So I guess what Matt said would be feasible to do. But in reality, users may want to have a combination of both IETF TLS and Chinese TLS together when they launch a TLS server or client, to have the auto-selection functionality if a TLS client comes in. So the way of implementation would be tricky...
So I think there are 3 options:
- You use TLS, not some Chinese variant, and add things like Chinese
  ciphers to it.
- Use something that's not TLS at all, a Chinese variant, and
  don't support both protocols on the same port.
- Support both on the same port. This will require coordination
  with IANA and/or IETF.
Kurt