> Hi Yngve
> On Sep 22, 2011, at 12:32 AM, Yngve N. Pettersen (Developer Opera
> Software ASA) wrote:
>> On Wed, 21 Sep 2011 22:48:33 +0200, Martin Rex <mrex@...> wrote:
>>> Does anyone (SSL Labs, Opera, others) have any figures/stats about the
>>> current "TLSv1.1 version (in)tolerance" for TLS servers on the public
>> This week's test of 609726 servers gave these numbers:
>> * 1.145% of the probed servers were version intolerant for at least
>> of the current TLS versions (1.0, 1.1, 1.2)
>> * 1.742% were extension intolerant for the same versions
>> * 1.136% belonged in both groups
>> This gives an estimated total of 1.751% that are either version and/or
>> extension intolerant for the currently defined TLS versions.
>> These numbers have been decreasing during the past year and a half,
>> January 2011 it was 1.951% just for the version intolerant, 2.657% in
>> 2010 (the extension numbers are not as detailed for those runs).
>> Most of the version intolerant are intolerant for TLS 1.1 and TLS 1.2,
>> some are SSLv3 only servers that are also intolerant for TLS 1.0. There
>> even a 0.007% share that support TLS 1.1 (quite a lot of which has "vpn"
>> as the hostname).
> By "version intolerant" do you mean that you're sending a TLS 1.1 or 1.2
> handshake message and the server rejects it?
> If you send a TLS 1.0 handshake message, with the version field of the
> ClientHello showing 1.2, what portion of the servers would reject that
> (rather than just replying in TLS 1.0)?
> Is that something you measure? If the portion is very low, it could be
> feasible to implement a client without fallback behavior.
The testing is performed using two record protocol versions: Either 3.0 or
3.1 (starting with 3.0), depending on what actually works
The record version is supposed to be the lowest version the server is
known to support. At present all clients are AFAIK sending 3.1, unless
they are offering 3.0 as the highest version, or is trying 3.0 in
combination with 3.1.
Intolerance is considered present if the server does not negotiate a
version it is known to support, when a higher version than supported is
sent in the Client Hello (e.g 3.1 is known, sending 3.2), and there is
some form of handshake failure (including abrupt connection shutdown)
either as the handshake is sent, or during the handshake, before it is
There are some servers (0.487%), for example www.mozilla.com, that will
not negotiate TLS 1.0 (0.487%) or TLS 1.1 (0.217%) if the record protocol
Extension intolerance is detected in a similar fashion.