2024-06-03 15:34 GMT+02:00 Bas Westerbaan <b...@cloudflare.com>:
> More importantly, there are servers that will HRR to X25519 if presented a
> P-256 keyshare. (Eg. BoringSSL's default behaviour.) Unfortunately I don't
> have data at hand how often that happens.
Are you saying that some of the 97.6% of servers that support P-256 still HRR
to X25519 if presented a P-256 keyshare and a {P-256, X25519} supported groups
list, and that's BoringSSL's default behavior? I find that very surprising and
would be curious about the rationale.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org