Hello, PR#1163 in draft-26 seems to have broken interop with previous drafts with a variety of deployed implementations. draft-26 and later clients fail with a protocol_version alert.
Affected Internet servers include: cloudflare.com: offers draft-23, intolerant to draft-26 www.apple.com: seemingly unwilling to negotiate any draft, but intolerant anyway(?) www.microsoft.com: same google.com: same https://jbp.io/assets/tls13-logs/cloudflare.broken.txt https://jbp.io/assets/tls13-logs/apple.broken.txt https://jbp.io/assets/tls13-logs/microsoft.broken.txt https://jbp.io/assets/tls13-logs/google.broken.txt In all these cases, offering TLS1.2 in supported_versions (ie, the pre-draft-26 behaviour) works, and TLS1.2 is negotiated: https://jbp.io/assets/tls13-logs/cloudflare.works.txt https://jbp.io/assets/tls13-logs/apple.works.txt https://jbp.io/assets/tls13-logs/microsoft.works.txt https://jbp.io/assets/tls13-logs/google.works.txt Corroboration appreciated. It's totally possible I'm doing something stupid :) Thanks, Joe _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
