Kurt Roeckx kurt at roeckx.be
Mon May 20 19:01:46 UTC 2019

On Mon, May 20, 2019 at 10:21:45AM -0700, Paul Yang wrote:
> The Chinese modified TLS protocol is not intended to interoperate with any other TLS protocols. The cipher suites defined in this protocol should not be used with the standard IETF TLS. So I guess what Matt said would be feasible to do. But in reality, users may want to have a combination of both IETF TLS and Chinese TLS together when he launches a TLS server or client, to have the auto-selection functionality if a TLS client comes in. So the way of implementation would be tricky...

So I think there are 3 options:
- You use TLS, not some Chinese variant, and add things like Chinese
  ciphers to it.
- Use something that's not TLS at all, a Chinese variant, and
  don't support both protocols on the same port.
- Support both on the same port. This will require coordination
  with IANA and/or IETF.


More information about the openssl-project mailing list