> On 3/4/19 3:16 PM, Charles Kozler wrote: > > > That's complicated. > https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/ > > See also section 2.2.3 of > https://tools.ietf.org/id/draft-camwinget-tls-use-cases-03.html > > We might be able to explain specifically what is broken with a packet > capture file from tcpdump or wireshark, and we might not. Send one if > you like. What I can say from experience is that TLS inspection > middleware is often broken, and it will disrupt communications. It's > not the client's fault. TLSv1.3 is not broken in my browser, in fact, it works fine and its only from command line tools. I mean, I show exactly what the issue is...and while it would suggest it is two part, the fact is this didnt occur in < F29 and there is a link pointing out the changes to not support < TLS v1.3. While I am not disagreeing with the change in F29, there should still exist a workaround when there are millions of people who are behind a corporate filter or packet inspector. Just saying they're broken isn't a correct solution when a workaround should exist for this change in F29 It boils down to github offering TLSv1 session and the Palo Alto not honoring the secure renegotiation keeping the connection to TLSv1.1 of which the new policy changes in F29 break this - this is the two part problem but the breaking change was in the policy change in F29 - which is what brings me to this post to try to identify where in the system I change said policies _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
