Thanks, David. I think we’re on the same page now.

> On Apr 29, 2021, at 12:47 PM, David Benjamin <david...@chromium.org> wrote:
>
> Ah yes, that is confusing. Not quite. What's going on here is that we've
> moved 3DES (and SHA-1 server signatures) under a fallback connection, so our
> first connection won't advertise them, but on error the second one will. This
> means that, for compatibility and security purposes, we do support 3DES. But
> when you look at the ClientHellos, it'll look like we don't.
> https://groups.google.com/a/chromium.org/g/blink-dev/c/yaJcs4p9LNI/m/haZWzX-UBwAJ

Ah, yes. Now I see that when connecting to https://3des.badssl.com/ Chrome will send a retry client hello with TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

> (By the way, it looks like, on my machine, Safari on Big Sur also supports
> TLS_RSA_WITH_3DES_EDE_CBC_SHA.)

You are correct. I overlooked that one, which upon closer inspection was right next to the other ones the whole time.
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev