Re: [TLS] Further TLS 1.3 deployment updates

2018-12-14 Thread Nico Williams
On Fri, Dec 14, 2018 at 10:11:38PM +0100, Martin Rex wrote: > Nico Williams wrote: > > On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote: > >> We have one more update for you all on TLS 1.3 deployment issues. Over the > >> course of deploying TLS 1.3 to Google servers, we found that

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-14 Thread Martin Rex
Nico Williams wrote: > On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote: >> We have one more update for you all on TLS 1.3 deployment issues. Over the >> course of deploying TLS 1.3 to Google servers, we found that JDK 11 >> unfortunately implemented TLS 1.3 incorrectly. On

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-14 Thread Adam Langley
On Fri, Dec 14, 2018 at 10:50 AM Nico Williams wrote: > If the server rejects resumption I guess the client would still fail, > but this is much better than failing at 100% of all resumptions and > better than adding fingerprinting and downgrades. > In order for TLS 1.3 deployment to be viable

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-14 Thread Nico Williams
On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote: > We have one more update for you all on TLS 1.3 deployment issues. Over the > course of deploying TLS 1.3 to Google servers, we found that JDK 11 > unfortunately implemented TLS 1.3 incorrectly. On resumption, it fails to > send the

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-13 Thread Hubert Kario
On Thursday, 13 December 2018 18:04:12 CET David Benjamin wrote: > On Thu, Dec 13, 2018 at 10:54 AM Hubert Kario wrote: > > On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote: > > > Hi folks, > > > > > > We have one more update for you all on TLS 1.3 deployment issues. Over > > >

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-13 Thread David Benjamin
On Thu, Dec 13, 2018 at 10:54 AM Hubert Kario wrote: > On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote: > > Hi folks, > > > > We have one more update for you all on TLS 1.3 deployment issues. Over > the > > course of deploying TLS 1.3 to Google servers, we found that JDK 11 > >

Re: [TLS] Further TLS 1.3 deployment updates

2018-12-13 Thread Hubert Kario
On Wednesday, 12 December 2018 23:21:43 CET David Benjamin wrote: > Hi folks, > > We have one more update for you all on TLS 1.3 deployment issues. Over the > course of deploying TLS 1.3 to Google servers, we found that JDK 11 > unfortunately implemented TLS 1.3 incorrectly. On resumption, it