On 29.03.2018 at 16:15, Eric Covener wrote:
If you have this setup handy, could you check what happens if you
negotiate TLS1.3 then request a directory that has per-directory SSL
settings in it?

I assume it fails (renegotiation) but not sure how the logs will look.
That would be one big pitfall for flipping on tls1.3.

I think the expert group discussed this typical reneg use case before removing reneg. It seems to me that this

https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.6.2

is what we are instead expected to do in the case of client cert requirement for a sub directory. The server checks whether the client supports the "post_handshake_auth" extension and if so, it can send later (after the handshake and probably also after handling some requests) a CertificateRequest message (without reneg).

To enforce stronger crypto after the handshake, maybe

https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.6.3

is the way to go, I'm not sure. I also don't know whether this is still a relevant use case for TLS 1.3, because it only uses 5 ciphers and changing the default cipher list currently seems to be not really expected.

Regards,

Rainer
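What "the server checks whether the client supports the post_handshake_auth extension" amounts to on the wire, as an added example that is not part of this thread nor code from httpd or OpenSSL: a small parser over a constructed ClientHello that reports whether the client offered TLS 1.3 together with extension type 49 (post_handshake_auth). Extension numbers are those of RFC 8446, the sample messages are constructed here, and the builder/parser function names are my own.

```python
import struct

SUPPORTED_VERSIONS = 43    # RFC 8446 extension type numbers (same as in draft-28)
POST_HANDSHAKE_AUTH = 49
TLS13 = b"\x03\x04"


def build_client_hello(extensions):
    """Assemble a minimal ClientHello handshake message (constructed sample data)."""
    ext_body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32)            # legacy_version, random (zeros: sample only)
            + b"\x00"                           # empty legacy_session_id
            + b"\x00\x02\x13\x01"               # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                       # legacy_compression_methods: null
            + struct.pack("!H", len(ext_body)) + ext_body)
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_client_hello_extensions(msg):
    """Return {extension_type: data} from a ClientHello, walking the fixed fields first."""
    if not msg or msg[0] != 0x01: raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length: raise ValueError("truncated ClientHello")
    pos = 2 + 32                                            # legacy_version + random
    pos += 1 + body[pos]                                    # legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]       # cipher_suites
    pos += 1 + body[pos]                                    # legacy_compression_methods
    exts = {}
    if pos == len(body):
        return exts                                         # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    if end != len(body): raise ValueError("extensions length mismatch")
    pos += 2
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts


def offers_post_handshake_auth(msg):
    """True only if the client offers TLS 1.3 and the post_handshake_auth extension."""
    exts = parse_client_hello_extensions(msg)
    sv = exts.get(SUPPORTED_VERSIONS, b"")
    versions = {sv[i:i + 2] for i in range(1, 1 + (sv[0] if sv else 0), 2)}
    return TLS13 in versions and POST_HANDSHAKE_AUTH in exts


# Constructed samples: TLS 1.3 with and without the extension, and a client not offering 1.3
CH_WITH_PHA = build_client_hello([(SUPPORTED_VERSIONS, b"\x02\x03\x04"), (POST_HANDSHAKE_AUTH, b"")])
CH_WITHOUT = build_client_hello([(SUPPORTED_VERSIONS, b"\x02\x03\x04")])
CH_TLS12 = build_client_hello([(POST_HANDSHAKE_AUTH, b"")])
```

A server that gets False here must fall back to the old answer (refuse the per-directory client-cert requirement or use a separate vhost), since without the extension it may not send a post-handshake CertificateRequest.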
