> On 3/4/19 5:13 AM, Charles Kozler wrote: > > > I can't reproduce problems with those commands. Are you working in a > site that uses TLS traffic inspection? If so, that would explain the > problem. Traffic inspection services that haven't been updated to > support TLS 1.3 will break for remote services that support 1.3, by design. I am and the corporate firewall is out of my control That being said, what exactly is the problem here then? As you can see from my outside test an initial v1 session is established and then a v1.3 is set after a secure renegotiation. Is it the filter that is not adhering or honoring the secure renegotiation and keeping me at TLSv1 and then F29 new rules are failing me out completely? In either case, the client should be able to receive the TLSv1 session but soft reject it by issuing a renegotiation as you can see in my external example - no? Unless I am missing something fairly obvious, I still can't see why not supporting < 1.2 makes SSL routines hard-die..it should be more intuitive and/or easily configurable or documented better - no? I am all for contributing but I just want to be sure there isnt something obvious that I somehow missed before I enter that rabbit hole I figured the inspection was part of the problem, but it shouldnt be seen as the source of the problem _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx