> What implementation are you working on? Proprietary, closed-source TLS stack.
> Section 5.1 says that, in TLSPlaintext, the legacy_record_version "MUST be >ignored for all purposes". Agree. The interop issue was definitely on my side, and I was just using it as background for my question. Section 5.1 also says: "This value MUST be set to 0x0303 for all records generated by a TLS 1.3 implementation other than the ClientHello". With my "implementer's hat" on the word "MUST" implies that it must be enforced. > And, of course, any pre-1.3 middleboxes which hit this case are non-compliant. Indeed. If BoringSSL already uses 0x0303 on the retry CH while OpenSSL uses 0x0301 then some (non-compliant) thing-a-ma-jig-in-the-middle will cause issues... and trigger the Universal Law of Users.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls