> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger <bernd.edlin...@hotmail.de> wrote: > > One possible example of application failure that I am aware of is #5743: > A certificate that is incompatible with TLS1.3 but works with TLS1.2. > Admittedly that I did come up with that scenario only because I saw > a possible issue per code inspection.
[ Repeating in part my response to Richar's mesage also in this thread ] This is a bug that needs to be fixed, the point format for TLS does not have any provenance over X.509. There's no such thing as a certificate not compatible with TLS 1.3 (that is compatible with TLS 1.2). -- Viktor. _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project