Hi Rob, today we're currently rolling out an update to crypto.cloudflare.com that disables support for P-384 and P-521. This should allow you to easily trigger HRR.

Chris P.

On Mon, Jun 7, 2021 at 9:24 AM Christopher Patton <cpat...@cloudflare.com> wrote:

> Hi Rob, let me look into it.
>
> Chris P.
>
> On Fri, May 28, 2021 at 11:36 AM Rob Sayre <say...@gmail.com> wrote:
>
>> On Mon, Apr 5, 2021 at 10:02 AM Christopher Patton <cpatton=40cloudflare....@dmarc.ietf.org> wrote:
>>
>>> Hi list, just FYI that Cloudflare's test server is upgrading to
>>> draft-ietf-tls-esni-10 this morning. It should finish rolling out in a few
>>> hours. Note that we've dropped support for draft-ietf-tls-esni-09.
>>>
>>> The endpoint is https://crypto.cloudflare.com. You'll also find our ECH
>>> config in the HTTPS resource record.
>>>
>>
>> I've gotten a Rustls client to interoperate with this server, but I had
>> some trouble triggering HRR, since Rustls always sends a key-exchange group
>> in TLS 1.3. I managed to hack up a ClientHello and handshake with no
>> initial key-exchange group, but perhaps it could be easier.
>>
>> It might be nice to have this server reject secp384r1 and offer X25519 in
>> an HRR, or something like that.
>>
>> thanks,
>> Rob

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
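
As an added illustration of the HelloRetryRequest (HRR) behaviour discussed in this thread (not code from Cloudflare, Rustls, or any poster), the sketch below models the RFC 8446 section 4.1.4 group-selection decision a TLS 1.3 server makes. The type names, the server's group lists and its preference for an already-sent key share are assumptions made for the example.

```rust
// Added example: models the server-side choice between ServerHello and
// HelloRetryRequest. All names and group lists here are constructed.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Group { X25519, Secp256r1, Secp384r1, Secp521r1 }

#[derive(Debug, PartialEq, Eq)]
enum Outcome {
    ServerHello(Group),       // client already sent a usable key share
    HelloRetryRequest(Group), // group is mutually supported, but no share was sent
    HandshakeFailure,         // no mutually supported group at all
}

/// `server_prefs`: groups the server has enabled, in preference order.
/// `supported_groups` / `key_shares`: the two ClientHello extensions.
/// Assumed policy: take an existing share if possible to avoid a round trip.
fn select(server_prefs: &[Group], supported_groups: &[Group], key_shares: &[Group]) -> Outcome {
    // A share only counts if its group is also listed in supported_groups.
    for g in server_prefs {
        if supported_groups.contains(g) && key_shares.contains(g) {
            return Outcome::ServerHello(*g);
        }
    }
    // No usable share: ask the client to retry with a mutually supported group.
    for g in server_prefs {
        if supported_groups.contains(g) {
            return Outcome::HelloRetryRequest(*g);
        }
    }
    Outcome::HandshakeFailure
}

fn main() {
    use Group::*;
    // Constructed server configurations: before and after disabling P-384/P-521.
    let before = [X25519, Secp256r1, Secp384r1, Secp521r1];
    let after = [X25519, Secp256r1];
    // Constructed ClientHello: lists secp384r1 and X25519, sends a share for secp384r1 only.
    let supported = [Secp384r1, X25519];
    let shares = [Secp384r1];
    println!("before: {:?}", select(&before, &supported, &shares));
    println!("after:  {:?}", select(&after, &supported, &shares));
    // A ClientHello with an empty key_share list also forces HRR.
    println!("empty:  {:?}", select(&after, &supported, &[]));
}
```

A test client can use this to check that it handles both paths: the same ClientHello completes in one round trip against the first configuration and receives an HRR against the second.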