sfs8 pt1

Dave Howe ukcrypto at chiark.greenend.org.uk
Tue, 30 Sep 2008 21:29:22 +0100


Charles Lindsey wrote:
> But AIUI, it is the server that lists the options it will support,
> and the browser that chooses which one will be used. Or is it the
> other way around?

It was the other way around in the packets I studied - the list came
from the browser, and was selected from by the server.

> If it is the browser that chooses, and if, as reported, it chooses
> the "first", is that the first in its list, or the first in the
> server's list? If it is in _its_ list, then could reordering the list
> solve the problem?

First in the browser's list that the server supports, by the look of
things - I haven't done an exhaustive test of that. I have no idea how
to get IE (or Firefox, for that matter) to reorder the list though.

> But, in any case, it will be easier for concerned users to fix their
> browsers, or persuade the implementors to do so, than to persuade all
> the servers out there to change.

A browser that *only* admitted to DHE would presumably fail safe...
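
The negotiation discussed in this message, as an added example that is not part of the original message: it parses the cipher suite list out of a ClientHello record and applies the selection rule observed above (first suite in the client's order that the server supports). The ClientHello bytes, the server suite sets and all function names are constructed for illustration; the suite code points are the real IANA values.

```python
import struct

# IANA code points for a few TLS 1.0-era suites (real values).
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}

def build_client_hello(suites):
    """Construct a minimal TLS 1.0 ClientHello record (sample input, no extensions)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"            # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Return the cipher suite code points in the order the client sent them."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # session id length byte + session id
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("bad cipher suite list length")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def server_select(offered, supported):
    """First suite in the client's order that the server supports; None = handshake fails."""
    return next((s for s in offered if s in supported), None)

# Constructed samples: a client listing RSA key exchange first, and a DHE-only client.
MIXED_HELLO = build_client_hello([0x0004, 0x0005, 0x0039, 0x0033, 0x002F])
DHE_ONLY_HELLO = build_client_hello([0x0039, 0x0033])
RSA_ONLY_SERVER = {0x0004, 0x0005, 0x002F}
FULL_SERVER = RSA_ONLY_SERVER | {0x0033, 0x0039}

if __name__ == "__main__":
    for cname, hello in (("mixed", MIXED_HELLO), ("DHE-only", DHE_ONLY_HELLO)):
        for sname, srv in (("RSA-only server", RSA_ONLY_SERVER), ("full server", FULL_SERVER)):
            pick = server_select(offered_suites(hello), srv)
            print(cname, "vs", sname, "->", SUITES.get(pick, "handshake failure"))
```

With the mixed list, a server that supports DHE still ends up on an RSA suite because the client listed it first; the DHE-only list either gets DHE or no connection at all.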