> What implementation are you working on?
Proprietary, closed-source TLS stack.
> Section 5.1 says that, in TLSPlaintext, the legacy_record_version "MUST be
> ignored for all purposes".
Agree. The interop issue was definitely on my side, and I was just using it as
background for my question.
Section 5.1 also says: "This value MUST be set to 0x0303 for all records
generated by a TLS 1.3 implementation other than the ClientHello". With my
"implementer's hat" on, the word "MUST" implies that it must be enforced.
> And, of course, any pre-1.3 middleboxes which hit this case are non-compliant.
Indeed. If BoringSSL already uses 0x0303 on the retry CH while OpenSSL uses
0x0301 then some (non-compliant) thing-a-ma-jig-in-the-middle will cause
issues... and trigger the Universal Law of Users.
TLS mailing list
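As an added illustration of the two RFC 8446 section 5.1 rules being discussed (this is example code, not the poster's implementation nor any of the stacks named in the thread), the following builds and parses TLSPlaintext record headers. The sender sets legacy_record_version to 0x0303 on everything except an initial ClientHello, which may use 0x0301 for middlebox compatibility; the receiver reads the field only to skip past it and never rejects on it. A deliberately non-compliant "strict" parser is included to show how enforcing 0x0303 on the receive side turns the 0x0301-vs-0x0303 retry-ClientHello difference into an interop failure. The record bytes and the 2^14+256 length bound are constructed for the example; the handshake bodies are dummy payloads, not real ClientHello encodings.

```python
"""Added example: TLS 1.3 record-header handling per RFC 8446 section 5.1.

TLSPlaintext header = content_type (1) | legacy_record_version (2) | length (2).
Sender rule: legacy_record_version MUST be 0x0303 on every record except an
initial ClientHello (0x0301 allowed for compatibility). Receiver rule: the
field MUST be ignored for all purposes, so a retried ClientHello carrying
0x0301 or 0x0303 must both be accepted.
"""
import struct

CONTENT_HANDSHAKE = 22
CONTENT_APPLICATION_DATA = 23
TLS10 = 0x0301          # legacy value used on an initial ClientHello
TLS12 = 0x0303          # required on all other TLS 1.3 records
MAX_FRAGMENT = 2 ** 14 + 256   # assumed bound; matches RFC 8446 section 5.2


def build_record(content_type, fragment, initial_client_hello=False):
    """Sender side: choose legacy_record_version per section 5.1 and frame it."""
    if len(fragment) > MAX_FRAGMENT:
        raise ValueError("fragment too long")
    version = TLS10 if initial_client_hello else TLS12
    return struct.pack("!BHH", content_type, version, len(fragment)) + fragment


def parse_record(buf):
    """Compliant receiver: returns (content_type, fragment, remaining_bytes).

    legacy_record_version is unpacked only to advance the cursor; it is never
    compared against anything, which is what "ignored for all purposes" means.
    """
    if len(buf) < 5:
        raise ValueError("short record header")
    content_type, _legacy_version, length = struct.unpack("!BHH", buf[:5])
    if length > MAX_FRAGMENT:
        raise ValueError("record_overflow")
    if len(buf) < 5 + length:
        raise ValueError("incomplete record")
    return content_type, buf[5:5 + length], buf[5 + length:]


def iter_records(buf):
    """Walk a byte string holding several back-to-back records."""
    while buf:
        content_type, fragment, buf = parse_record(buf)
        yield content_type, fragment


def parse_record_strict(buf):
    """NON-COMPLIANT receiver that enforces 0x0303 on every record.

    Shown only to demonstrate the interop failure: a peer that (legitimately)
    reuses 0x0301 on a ClientHello sent after HelloRetryRequest is rejected.
    """
    if len(buf) < 5:
        raise ValueError("short record header")
    content_type, version, length = struct.unpack("!BHH", buf[:5])
    if version != TLS12:
        raise ValueError("unexpected legacy_record_version 0x%04x" % version)
    return content_type, buf[5:5 + length], buf[5 + length:]


if __name__ == "__main__":
    # Constructed dummy handshake bodies; not real ClientHello encodings.
    retry_ch_0301 = build_record(CONTENT_HANDSHAKE, b"CH#2", initial_client_hello=True)
    retry_ch_0303 = build_record(CONTENT_HANDSHAKE, b"CH#2")
    for rec in (retry_ch_0301, retry_ch_0303):
        print("compliant parser:", parse_record(rec)[:2])
        try:
            print("strict parser   :", parse_record_strict(rec)[:2])
        except ValueError as e:
            print("strict parser   : rejected,", e)
```

The compliant parser accepts both retried ClientHello framings; only the strict parser, which reads a MUST aimed at senders as a receive-side check, fails on the 0x0301 one. Enforcing a field the spec says to ignore buys no security (the real version is negotiated in the supported_versions extension) and costs interoperability.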