[openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

Kurt Roeckx kurt at roeckx.be
Wed Apr 18 17:14:47 UTC 2018

On Wed, Apr 18, 2018 at 11:05:05AM -0400, Viktor Dukhovni wrote:
> What I can blame them for is being counter-productively pedantic. Forget the RFC language, does what they're doing make sense and improve security or is it just a pointless downgrade justified by RFC text lawyering?

I'm not sure you actually get downgraded? I get TLS 1.2 in all
cases. I think they still speak a different draft version. If it's
boringssl, I think they do 22 and 23 in the last release and 26
(like we) in their current master version.


More information about the openssl-project mailing list