Re: interop for TLS clients proposing TLSv1.1

> Hi Yngve
>
> On Sep 22, 2011, at 12:32 AM, Yngve N. Pettersen (Developer Opera  
> Software ASA) wrote:
>
>> On Wed, 21 Sep 2011 22:48:33 +0200, Martin Rex <mrex@...> wrote:
>>
>>> Does anyone (SSL Labs, Opera, others) have any figures/stats about the
>>> current "TLSv1.1 version (in)tolerance" for TLS servers on the public
>>> internet?
>>
>> This week's test of 609726 servers gave these numbers:
>>
>>   * 1.145% of the probed servers were version intolerant for at least  
>> one
>> of the current TLS versions (1.0, 1.1, 1.2)
>>   * 1.742% were extension intolerant for the same versions
>>   * 1.136% belonged in both groups
>>
>> This gives an estimated total of 1.751% that are either version and/or
>> extension intolerant for the currently defined TLS versions.
>>
>> These numbers have been decreasing during the past year and a half,  
>> around
>> January 2011 it was 1.951% just for the version intolerant, 2.657% in  
>> may
>> 2010 (the extension numbers are not as detailed for those runs).
>>
>> Most of the version intolerant are intolerant for TLS 1.1 and TLS 1.2,  
>> but
>> some are SSLv3 only servers that are also intolerant for TLS 1.0. There  
>> is
>> even a 0.007% share that support TLS 1.1 (quite a lot of which has "vpn"
>> as the hostname).
>
> By "version intolerant" do you mean that you're sending a TLS 1.1 or 1.2  
> handshake message and the server rejects it?
>
> If you send a TLS 1.0 handshake message, with the version field of the  
> ClientHello showing 1.2, what portion of the servers would reject that  
> (rather than just replying in TLS 1.0)?
>
> Is that something you measure?  If the portion is very low, it could be  
> feasible to implement a client without fallback behavior.