[jdev] TLS failure fallback considerations
Norman Rasmussen
norman at rasmussen.co.za
Tue Oct 14 06:23:29 CDT 2008
I'd like to know what the 'expected'/'best' mechanism in the following case
is:
- client (c2s) or server (s2s) connects to remote host
- remote host announces it supports, but does not require TLS
- TLS negotiations start, but initially fail (due to broken cert chain,
expired certs, etc.)
- remote server announces failure, and drops the tcp connection
then what?
Should the connecting entity cache this TLS failure, and retry without TLS,
or is this treated as an impossible to connect scenario? (which it isn't
because TLS isn't required to make the connection)
Comments?
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/