Compatibility of X25519Kyber768 ClientHello
Gentry Deng
me at gend.moe
Mon Oct 9 15:55:15 UTC 2023
Hello,
I recently encountered a compatibility issue with X25519Kyber768
<https://bugs.chromium.org/p/chromium/issues/detail?id=1484074>: I was
unable to access the site via X25519Kyber768-enabled Google Chrome on a
server with only TLS 1.2 enabled, but not TLS 1.3.
The Chromium team replied:
> Regarding TLS 1.2 vs TLS 1.3, a TLS ClientHello is generally good for
> all the parameters we support. So though we include TLS 1.3 with Kyber
> in there, we also include parameters for TLS 1.3 without Kyber and TLS
> 1.2. So if the server and network well behaving correctly, it's
> perfectly fine if the server only supports TLS 1.2.
>
> I'm able to reproduce the problem. It looks like a bug in
> www.paypal.cn's server. They didn't implement TLS 1.2 correctly.
> Specifically, they do not correctly handle when the ClientHello comes
> in in two reads. Before Kyber, this wasn't very common because
> ClientHellos usually fit in a packet. But Kyber makes ClientHellos
> larger, so it is possible to get only a partial ClientHello in the
> first read, and require a second read to try again. This is something
> that any TCP-based application needs to handle; you may not have
> gotten the whole message on a given read and need to keep on reading.
>
> www.paypal.cn will need to fix their server to correctly handle this case.
So the Chromium team isn't considering making a change, so I'm wondering
how compatible nginx is with this? Or what version is needed to make it
error free?
Best regards,
Gentry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231009/ebbb353e/attachment.htm>
More information about the nginx
mailing list