[openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

Viktor Dukhovni openssl-users at dukhovni.org
Wed Apr 18 14:25:27 UTC 2018

> On Apr 18, 2018, at 10:12 AM, Andy Polyakov <appro at openssl.org> wrote:
> With this in mind, wouldn't it be more
> appropriate to simply not offer 1.3 capability if application didn't
> provide input for SNI?

That's what Rich suggested, and it makes sense, but what does not make any sense to me is what Google is doing.  Snatching defeat from the jaws of victory by needlessly forcing clients to downgrade to TLS 1.2.  Is there a justification for this?


More information about the openssl-project mailing list