Timeline for Does a TLS client needs to support one of the named groups (curves?) supported by the server for TLS handshake to succeed?
Current License: CC BY-SA 4.0
5 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Nov 21, 2019 at 6:28 | comment added | dave_thompson_085 | | If you have time and permission, you might want to put a network capture for a day or two and look at the ClientHello's you receive to see what your clients do and do not support. |
| Nov 21, 2019 at 6:26 | comment added | dave_thompson_085 | | WinXP schannel doesn't support ECC at all, so curve mismatch is meaningless. It also supports DHE only with 'DSS' (DSA) which in practice makes it nearly unusable (thus no forward secrecy) and doesn't support TLS versions above 1.0 (now commonly required) or data ciphers better than 3DES (no AES or ChaCha). Before/without SP3 it doesn't support SHA-2 signed certificates, which are effectively mandatory on the public net since 2015. But if software on XP uses its own stack, like OpenSSL, NSS, or Java, schannel doesn't matter. |
| Nov 20, 2019 at 13:37 | vote accept | Nitradamus | | |
| Nov 20, 2019 at 10:40 | answer added | mti2935 | | timeline score: 1 |
| Nov 20, 2019 at 8:03 | history asked | Nitradamus | CC BY-SA 4.0 | |