Hacker News new | past | comments | ask | show | jobs | submit login

If the server hasn't ordered preferences then wouldn't you be trusting that every client is updated enough to understand what "highest" means?



Perhaps you are thinking of cipher selection, and "prefer server ciphers"? Those are separate tunables.

EDIT: Here is a description of protocol selection: https://en.wikipedia.org/wiki/Transport_Layer_Security#Basic... and shows the basic negotiation phase.

(first two bullet points under the first numbered item)


Since TLS 1.3, version selection is more similar to cipher selection. See https://tools.ietf.org/html/rfc8446#section-4.2.1 : "The extension contains a list of supported versions in preference order, with the most preferred version first."




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: