[openssl-project] Inappropriate fallback triggered when "holes" in client protocol list indirectly exclude TLSv1.3
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Aug 15 16:08:09 UTC 2018
> On Aug 15, 2018, at 11:50 AM, Matt Caswell <matt at openssl.org> wrote:
>>
>> I think this counts as a regression, the client should notice that
>> it implicitly disabled TLS 1.3, and therefore not react to the
>> server's version sentinel by aborting the connection. Thoughts?
>>
>
> Hmm. Yes we should probably handle this scenario. Can you open a github
> issue?
https://github.com/openssl/openssl/issues/6964
--
Viktor.
More information about the openssl-project
mailing list