GrumpyOldTroll
commented
2 years ago I think you're right, this should be the same TLS Cipher Suite for both, and we should remove the option to have different ones.
I read thru https://www.rfc-editor.org/rfc/rfc9001.html#section-5 again harder, particularly section 5.3, and it looks to me like the TLS cipher suite value uniquely determines both the AEAD algorithm and the header protection algorithm.
Do we need to keep this as an option or is it fine to just have the same for both?