* Second, using TLS1.2 does not technically address the issue. If the client were to exclusively offer DHE-based ciphersuites, then the visibility techniques that have been used in the past are thwarted. * Yes, the server cannot use the "tls_visibility" extension unless the client offers it. This is to enable client opt-in.
It looks like both the TLS1.2 solution and “TLS1.3-visibility” depend on the client to support certain options…
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
