Thomas Munro <thomas.mu...@gmail.com> writes: > On Sun, Mar 17, 2019 at 2:00 AM Thomas Munro <thomas.mu...@gmail.com> wrote: >> I opened a bug report with OpenSSL, let's see what they say: >> https://github.com/openssl/openssl/issues/8500
> This was an intentional change in TLS1.3, reducing round trips by > verifying the client certificate later. Ugh. So probably we can reproduce it elsewhere if we use cutting-edge OpenSSL versions. > I'm pretty sure the fix I mentioned earlier -- namely adding an ad-hoc > call to pqHandleSendFailure() if we fail to send the start-up packet > -- would fix eelpout's measles (though obviously wouldn't solve the > problem for Windows given what we have learned about its TCP > implementation). I should probably go and do that, unless you want to > write the more general handling for send failure you described, and > are prepared to back-patch it? Well, I'm not sure about the back-patching aspect of that, but maybe I should write the patch and then we should see how risky it looks. Give me a few days ... regards, tom lane