On 3/4/19 5:13 AM, Charles Kozler wrote:
> I can't reproduce problems with those commands. Are you working in a
> site that uses TLS traffic inspection? If so, that would explain the
> problem. Traffic inspection services that haven't been updated to
> support TLS 1.3 will break for remote services that support 1.3, by design.

I am, and the corporate firewall is out of my control.

That being said, what exactly is the problem here then? As you can see from my outside
test, an initial v1 session is established and then a v1.3 is set after a secure
renegotiation. Is it the filter that is not adhering to or honoring the secure renegotiation
and keeping me at TLSv1, and then F29's new rules are failing me out completely? In either
case, the client should be able to receive the TLSv1 session but soft reject it by issuing
a renegotiation, as you can see in my external example - no?

Unless I am missing something fairly obvious, I still can't see why not supporting
< 1.2 makes SSL routines hard-die... it should be more intuitive and/or easily
configurable or documented better - no?

I am all for contributing, but I just want to be sure there isn't something obvious that I
somehow missed before I enter that rabbit hole.

I figured the inspection was part of the problem, but it shouldn't be seen as the source of
the problem.