
[return to "BlueCoat and other proxies hang up during TLS 1.3"]
1. JoshTr+w 2017-02-28 01:38:28
>>codero+(OP)
Note that this happens even when using a BlueCoat proxy in non-MITM mode. BlueCoat tries to "analyze" TLS connections, and rejects anything it doesn't understand. This exact issue occurred with TLS 1.2 back when BlueCoat only understood 1.1/1.0.

In this case, it doesn't sound like they're reverting it because of overall breakage, but rather because it breaks the tool that would otherwise be used to control TLS 1.3 trials and other configuration. Firefox had a similar issue, where they temporarily used more conservative settings for their updater than for the browser itself, to ensure that people could always obtain updates that might improve the situation.

2. peterw+eN 2017-02-28 13:06:22
>>JoshTr+w
The fix should not have been reversion. The fix should have been a simple workaround: if the connection fails totally and no downgrade handshake attempt was made, make a new connection using 1.2 to start with, which would succeed and open the connection. This would be equivalent to a downgrade handshake from 1.3 to 1.2 but without requiring that all products support 1.3.
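
The behaviour discussed in the two comments above, modelled offline as an added example (not code from the thread, from any browser, or from the proxy vendor): Python's `ssl` module builds the real ClientHello in memory, a parser lists the versions it offers, and a retry loop opens a second attempt capped at 1.2. The function names, the hostname `example.test`, and the `legacy_box_passes` model of a proxy that drops unknown versions are assumptions.

```python
import ssl
import struct

SUPPORTED_VERSIONS = 43   # extension type from RFC 8446
TLS13 = 0x0304

def client_hello(cap):
    """Return the raw ClientHello record a client capped at `cap` would send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.maximum_version = cap
    out = ssl.MemoryBIO()
    conn = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname="example.test")  # placeholder name
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, only the first flight is wanted
    return out.read()

def offered_versions(record):
    """List the versions a ClientHello offers (supported_versions, else legacy)."""
    pos = 5 + 4                                          # record + handshake headers
    (legacy,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                                        # legacy_version + random
    pos += 1 + record[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                               # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4 : pos + 4 + ext_len]
        if ext_type == SUPPORTED_VERSIONS:               # 1-byte length, then 2-byte versions
            return [struct.unpack_from("!H", body, i)[0] for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return [legacy]

def legacy_box_passes(record, understood=(0x0301, 0x0302, 0x0303)):
    """Constructed model of the proxy: drop the flow on any version it does not know."""
    return all(v in understood for v in offered_versions(record))

def connect_with_retry(path_passes):
    """Try 1.3 first; on a total failure open a fresh connection capped at 1.2."""
    for cap in (ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2):
        if path_passes(client_hello(cap)):
            return cap
    raise ConnectionError("both attempts were dropped")
```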