Hello,
I recently encountered a compatibility issue with X25519Kyber768
<https://bugs.chromium.org/p/chromium/issues/detail?id=1484074>: I was
unable to access the site via X25519Kyber768-enabled Google Chrome on a
server with only TLS 1.2 enabled, but not TLS 1.3.
The Chromium team replied:
Regarding TLS 1.2 vs TLS 1.3, a TLS ClientHello is generally good for
all the parameters we support. So though we include TLS 1.3 with Kyber
in there, we also include parameters for TLS 1.3 without Kyber and TLS
1.2. So if the server and network well behaving correctly, it's
perfectly fine if the server only supports TLS 1.2.
I'm able to reproduce the problem. It looks like a bug in
www.paypal.cn's server. They didn't implement TLS 1.2 correctly.
Specifically, they do not correctly handle when the ClientHello comes
in in two reads. Before Kyber, this wasn't very common because
ClientHellos usually fit in a packet. But Kyber makes ClientHellos
larger, so it is possible to get only a partial ClientHello in the
first read, and require a second read to try again. This is something
that any TCP-based application needs to handle; you may not have
gotten the whole message on a given read and need to keep on reading.
www.paypal.cn will need to fix their server to correctly handle this case.
So the Chromium team isn't considering making a change, so I'm wondering
how compatible nginx is with this? Or what version is needed to make it
error free?
Best regards,
Gentry
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
