[openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

Viktor Dukhovni openssl-users at dukhovni.org
Thu Apr 19 19:45:32 UTC 2018

> On Apr 19, 2018, at 2:54 PM, Salz, Rich <rsalz at akamai.com> wrote:
> David has pointed out valid use-cases.  I think most use-cases will "just work."  We should document the known sharp edges.

I am pointing out valid use-cases that David has not taken into account, and conformance ratchets have cost/benefit trade-offs, and are fair game for discussion.  Ad hominem responses are entirely inappropriate, and an apology is due.

David has done lots of good work, but we're all human, and the SNI ratchet is problematic for at least SMTP.  It can legitimately be argued to be a poor tradeoff.

Even in HTTP where the client ought to send SNI, if it does not, but would accept the default certificate (with e.g. TLS 1.2), the rationale for deliberately unusable certificates with TLS 1.3 does not look compelling, especially given the privacy leaks with SNI.

