On Fri, Dec 14, 2018 at 10:11:38PM +0100, Martin Rex wrote:
> Nico Williams wrote:
> > On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote:
> >> We have one more update for you all on TLS 1.3 deployment issues. Over the
> >> course of deploying TLS 1.3 to Google servers, we found that
Nico Williams wrote:
> On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote:
>> We have one more update for you all on TLS 1.3 deployment issues. Over the
>> course of deploying TLS 1.3 to Google servers, we found that JDK 11
>> unfortunately implemented TLS 1.3 incorrectly. On
On Fri, Dec 14, 2018 at 10:50 AM Nico Williams
wrote:
> If the server rejects resumption I guess the client would still fail,
> but this is much better than failing at 100% of all resumptions and
> better than adding fingerprinting and downgrades.
>
In order for TLS 1.3 deployment to be viable
On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote:
> We have one more update for you all on TLS 1.3 deployment issues. Over the
> course of deploying TLS 1.3 to Google servers, we found that JDK 11
> unfortunately implemented TLS 1.3 incorrectly. On resumption, it fails to
> send the
On Thursday, 13 December 2018 18:04:12 CET David Benjamin wrote:
> On Thu, Dec 13, 2018 at 10:54 AM Hubert Kario wrote:
> > On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote:
> > > Hi folks,
> > >
> > > We have one more update for you all on TLS 1.3 deployment issues. Over
> > >
On Thu, Dec 13, 2018 at 10:54 AM Hubert Kario wrote:
> On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote:
> > Hi folks,
> >
> > We have one more update for you all on TLS 1.3 deployment issues. Over
> the
> > course of deploying TLS 1.3 to Google servers, we found that JDK 11
> >
On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote:
> Hi folks,
>
> We have one more update for you all on TLS 1.3 deployment issues. Over the
> course of deploying TLS 1.3 to Google servers, we found that JDK 11
> unfortunately implemented TLS 1.3 incorrectly. On resumption, it
Hi folks,
We have one more update for you all on TLS 1.3 deployment issues. Over the
course of deploying TLS 1.3 to Google servers, we found that JDK 11
unfortunately implemented TLS 1.3 incorrectly. On resumption, it fails to
send the SNI extension. This means that the first connection from a