> What implementation are you working on?

Proprietary, closed-source TLS stack.


> Section 5.1 says that, in TLSPlaintext, the legacy_record_version "MUST be
> ignored for all purposes".

Agree.  The interop issue was definitely on my side, and I was just using it as 
background for my question.


Section 5.1 also says: "This value MUST be set to 0x0303 for all records
generated by a TLS 1.3 implementation other than the ClientHello".  With my
"implementer's hat" on, the word "MUST" implies that it must be enforced.



> And, of course, any pre-1.3 middleboxes which hit this case are non-compliant.

Indeed.  If BoringSSL already uses 0x0303 on the retry CH while OpenSSL uses 
0x0301 then some (non-compliant) thing-a-ma-jig-in-the-middle will cause 
issues... and trigger the Universal Law of Users.

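An added example (not code from either poster or from any named TLS stack) of the two sides of the section 5.1 rule the thread turns on: a receiver that parses TLSPlaintext and records legacy_record_version without ever rejecting on it, a sender helper that writes 0x0303 on every record except an initial ClientHello, and a strict variant showing what the "enforce the MUST on receipt" reading would reject. The handshake body bytes are a constructed placeholder, not a real ClientHello.

```python
import struct
from typing import NamedTuple, Tuple

# ContentType values (RFC 8446 section 5.1); anything else is rejected.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS12_WIRE = 0x0303     # legacy_record_version on all TLS 1.3 records ...
TLS10_WIRE = 0x0301     # ... except an initial ClientHello, where it MAY appear
MAX_FRAGMENT = 2 ** 14  # TLSPlaintext.fragment limit; larger is record_overflow

class Record(NamedTuple):
    content_type: int
    legacy_record_version: int
    fragment: bytes

def parse_record(buf: bytes) -> Tuple[Record, bytes]:
    """Receiver side per section 5.1: parse one TLSPlaintext, return (record, rest).
    legacy_record_version is kept for logging only; it never decides acceptance."""
    if len(buf) < 5:
        raise ValueError("short header")
    ctype, version, length = struct.unpack("!BHH", buf[:5])
    if ctype not in CONTENT_TYPES:
        raise ValueError("unexpected_message: content type %d" % ctype)
    if length > MAX_FRAGMENT:
        raise ValueError("record_overflow")
    if len(buf) < 5 + length:
        raise ValueError("truncated record")
    return Record(ctype, version, buf[5:5 + length]), buf[5 + length:]

def build_record(content_type: int, fragment: bytes, initial_client_hello: bool = False) -> bytes:
    """Sender side: 0x0303 on every record, 0x0301 only on the initial ClientHello
    (not on a ClientHello sent after a HelloRetryRequest)."""
    version = TLS10_WIRE if initial_client_hello else TLS12_WIRE
    return struct.pack("!BHH", content_type, version, len(fragment)) + fragment

def lenient_accepts(buf: bytes) -> bool:
    """True when the section 5.1 receiver accepts the first record in buf."""
    try:
        parse_record(buf)
        return True
    except ValueError:
        return False

def strict_accepts(buf: bytes) -> bool:
    """The 'enforce the MUST on receipt' reading from the thread: also rejects any
    record whose legacy_record_version is not 0x0303. Shown only to make the
    interop cost visible; section 5.1 does not ask a receiver to do this."""
    if not lenient_accepts(buf):
        return False
    return parse_record(buf)[0].legacy_record_version == TLS12_WIRE

# Constructed stand-in for a ClientHello handshake body; not a valid message.
FAKE_CH_BODY = b"\x01\x00\x00\x02\x03\x03"
```

The strict receiver rejects a perfectly legal 0x0301 initial ClientHello, while the lenient one accepts both wire values and still enforces the checks section 5.1 actually requires (content type, fragment length).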

TLS mailing list