Merge pull request #1321 from ekr/issue1310

MT's proposed change. Fixes #1310. Fixes #1319
tlswg · Jul 7, 2023 · 3a03304 · 3a03304
2 parents 76c269f + 1c10608
commit 3a03304
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md
@@ -517,7 +517,7 @@ specific technical changes:
 
 - Forbid negotiating TLS 1.0 and 1.1 as they are now deprecated by {{!RFC8996}}.
 
-- Removes ambiguity around which hash is used with PreSharedKeys and 
+- Removes ambiguity around which hash is used with PreSharedKeys and
   HelloRetryRequest.
 
 - Require that clients ignore NewSessionTicket if they do not
@@ -1568,16 +1568,15 @@ Random value to the bytes:
 
       44 4F 57 4E 47 52 44 01
 
-If negotiating TLS 1.1 or below, TLS 1.3 servers MUST, and TLS 1.2
-servers SHOULD, set the last 8 bytes of their ServerHello.Random value to the
+{{RFC8996}} and {{backward-compatibility-security}} forbid
+the negotiation of TLS versions below 1.2. However, server
+implementations which do not follow that guidance MUST
+set the last 8 bytes of their ServerHello.random value to the
 bytes:
 
       44 4F 57 4E 47 52 44 00
 
 
-Note that {{RFC8996}} and {{backward-compatibility-security}} forbid
-the negotation of TLS versions below 1.2; implementations which do not
-follow that guidance MUST behave as described above.
 
 TLS 1.3 clients receiving a ServerHello indicating TLS 1.2 or below
 MUST check that the last 8 bytes are not equal to either of these values.
@@ -3931,7 +3930,7 @@ There are cryptographic limits on the amount of plaintext which can be
 safely encrypted under a given set of keys.  {{AEAD-LIMITS}} provides
 an analysis of these limits under the assumption that the underlying
 primitive (AES or ChaCha20) has no weaknesses. Implementations MUST
-either close the connection or 
+either close the connection or
 do a key update as described in {{key-update}} prior to reaching these limits.
 Note that it is not possible to perform a KeyUpdate for early data
 and therefore implementations MUST not exceed the limits
@@ -6122,7 +6121,7 @@ Since -05
 - Reference RFC 8773 (PR 1296)
 - Add some more information about application bindings and cite
   6125-bis (PR 1297)
-  
+
 Since -04
 
 * Update the extension table (Issue 1241)
@@ -6446,7 +6445,7 @@ Since -00
       Brian Smith
       Independent
       brian@briansmith.org
-      
+
       Ben Smyth
       Ampersand
       www.bensmyth.com