* Second, using TLS1.2 does not technically address the issue. If the
client were to exclusively offer DHE-based ciphersuites, then the visibility
techniques that have been used in the past are thwarted.
* Yes, the server cannot use the "tls_visibility" extension unless the
client offers it. This is to enable client opt-in.
It looks like both the TLS1.2 solution and “TLS1.3-visibility” depend on the
client to support certain options…
TLS mailing list