2024-06-03 15:34 GMT+02:00 Bas Westerbaan <b...@cloudflare.com>:
> More importantly, there are servers that will HRR to X25519 if presented a 
> P-256 keyshare. (Eg. BoringSSL's default behaviour.) Unfortunately I don't 
> have data at hand how often that happens.

Are you saying that some of the 97.6% of servers that support P-256 still HRR 
to X25519 if presented a P-256 keyshare and a {P-256, X25519} supported groups 
list, and that's BoringSSL's default behavior? I find that very surprising and 
would be curious about the rationale.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org

Reply via email to