Client will always offer TLS 1.2, regardless of configuration via FFI_mitls_configure

project-everest / mitls-fstar

Verified implementation of TLS 1.3 in F*

https://www.mitls.org

Other

173 stars 16 forks source link

Client will always offer TLS 1.2, regardless of configuration via FFI_mitls_configure #182

Open oweisse-msft opened 7 years ago

oweisse-msft commented 7 years ago

_suportedversions extension in ClientHello will always contain also 0x0303 (TLS 1.2) alongside 0x7F15 (TLS 1.3 draft 21) , even though _FFI_mitlsconfigure was called with "1.3". In comparison, OpenSSL and NSS will only offer 0x7F15 after being configured for TLS 1.3 only.

BarryBo commented 6 years ago

Assigning to you, to determine if this is a bug, and if it'll be caught/fixed during verification work.