[openssl-project] The problem of (implicit) relinking and changed behaviour

Viktor Dukhovni openssl-users at dukhovni.org
Wed Apr 18 03:55:39 UTC 2018



> On Apr 17, 2018, at 11:27 PM, Salz, Rich <rsalz at akamai.com> wrote:
> 
> So far, if there's no SNI then we shouldn't do TLS 1.3 (as a client).  That seems easy to code.

That might be a sensible work-around, with a bit of care to make sure that the user has not also disabled TLS 1.2 (i.e. try TLS 1.3 without SNI if that's all that is enabled).

Would still like to know what's motivating Google's insistence on SNI...
Sounds like a rather unnecessary downgrade.

-- 
	Viktor.



More information about the openssl-project mailing list