> On Apr 17, 2018, at 11:27 PM, Salz, Rich <rs...@akamai.com> wrote: > > So far, if there's no SNI then we shouldn't do TLS 1.3 (as a client). That > seems easy to code.
That might be a sensible work-around, with a bit of care to make sure that the user has not also disabled TLS 1.2 (i.e. try TLS 1.3 without SNI if that's all that is enabled). Would still like to know what's motivating Google's insistence on SNI... Sounds like a rather unnecessary downgrade. -- Viktor. _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project