Hello,

PR#1163 in draft-26 seems to have broken interop with previous drafts
with a variety of deployed implementations. draft-26 and later clients
fail with a protocol_version alert.

Affected Internet servers include:

cloudflare.com: offers draft-23, intolerant to draft-26
www.apple.com: seemingly unwilling to negotiate any draft, but
intolerant anyway(?)
www.microsoft.com: same
google.com: same

https://jbp.io/assets/tls13-logs/cloudflare.broken.txt
https://jbp.io/assets/tls13-logs/apple.broken.txt
https://jbp.io/assets/tls13-logs/microsoft.broken.txt
https://jbp.io/assets/tls13-logs/google.broken.txt

In all these cases, offering TLS1.2 in supported_versions (ie, the
pre-draft-26 behaviour) works, and TLS1.2 is negotiated:

https://jbp.io/assets/tls13-logs/cloudflare.works.txt
https://jbp.io/assets/tls13-logs/apple.works.txt
https://jbp.io/assets/tls13-logs/microsoft.works.txt
https://jbp.io/assets/tls13-logs/google.works.txt

Corroboration appreciated.  It's totally possible I'm doing something stupid :)

Thanks,
Joe

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to