RFC Errata
Found 1 record.
Status: Verified (1)
RFC 6460, "Suite B Profile for Transport Layer Security (TLS)", January 2012
Note: This RFC has been updated by RFC 8996
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 3363
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2012-09-24
Verifier Name: Sean Turner
Date Verified: 2012-10-30
Section 4 says:
One of these two cipher suites MUST be the first (most preferred) cipher suites in the ClientHello message. A Suite B TLS client that offers interoperability with servers that are not Suite B compliant MAY offer additional cipher suites, but any additional cipher suites MUST appear after the two Suite B compliant cipher suites in the ClientHello message.
It should say:
One of these two cipher suites MUST be the first (most preferred) cipher suites in the ClientHello message, ignoring the TLS Signaling Cipher Suite Value (SCSV) from RFC 5746 if it is present. A Suite B TLS client that offers interoperability with servers that are not Suite B compliant MAY offer additional cipher suites, but any additional cipher suites MUST appear after the two Suite B compliant cipher suites in the ClientHello message.
Notes:
The SCSV defined in RFC 5746 is not considered a "true cipher suite". As a result, the inclusion of the SCSV will not result in the selection of an unexpected cipher suite. This clarification makes it clear that the use of the SCSV does not prevent an implementation from being considered Suite B compliant.