Encrypted SNI can’t work against active attackers: on 1.3 failure, browsers will fall back to 1.2 which leaks it before downgrade is detected
@FiloSottile It would probably be reasonable to have fallback from TLS 1.3 ClientHello w/ encrypted SNI to TLS 1.3 ClientHello w/ plaintext SNI.
@FiloSottile But, I don't want the only way to do things compatibility to be TLS 1.3 w/ encrypted SNI -> TLS 1.2.