<div dir="ltr">I'd like to know what the 'expected'/'best' mechanism in the following case is:<div><br></div><div> - client (c2s) or server (s2s) connects to remote host</div><div> - remote host announces it supports, but does not require TLS</div>
<div> - TLS negotiations start, but initially fail (due to broken cert chain, expired certs, etc.)</div><div> - remote server announces failure, and drops the TCP connection</div><div><br></div><div>then what?</div><div><br>
</div><div>Should the connecting entity cache this TLS failure, and retry without TLS, or is this treated as an impossible-to-connect scenario? (which it isn't because TLS isn't required to make the connection)</div>
<div><br></div><div>Comments?<br clear="all"><br>-- <br>- Norman Rasmussen<br> - Email: <a href="mailto:norman@rasmussen.co.za">norman@rasmussen.co.za</a><br> - Home page: <a href="http://norman.rasmussen.co.za/">http://norman.rasmussen.co.za/</a><br>
</div></div>