MTRNord
commented
1 year ago Shouldn't this be the other way around? TLS1.3 is supported by all modern devices these days. (Might not have been at the time of opening this issue). So it only makes sense to opt in to the more secure option, which is TLS1.3. And from experience with running an HS behind HTTP3 and HTTP2 as preferred ones with TLS1.3-only, I don't think there is any server not capable of accessing me. At least so far, I didn't hit issues.
See https://github.com/matrix-org/synapse/issues/8316 for more info