[openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

Viktor Dukhovni openssl-users at dukhovni.org
Wed Apr 18 17:42:58 UTC 2018

> On Apr 18, 2018, at 1:14 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> I'm not sure you actually get downgraded? I get TLS 1.2 in all
> cases. I think they still speak a different draft version. If it's
> boringssl, I think they do 22 and 23 in the last release and 26
> (like we) in their current master version.

Perhaps that's right, even with SNI I get TLS 1.2, but with the right
certificate, whereas without SNI I get the wrong certificate.  It is
not clear what will happen when they actually support TLS 1.3.


More information about the openssl-project mailing list