
Would the cypher negotiation be the problem? I checked that Chrome supports Chacha/Poly, and it seems it does.

- https://chromestatus.com/feature/5355238106071040

Chrome seems to support TLS 1.3 since v70, and I'm on 99.

There's only the 0-RTT/EarlyData, as far as I can tell, that may be messing things up. Is it required for TLS 1.3? It's not enabled by default yet (still in dev?).

- https://chromestatus.com/feature/5447945241493504

- https://developers.cloudflare.com/ssl/edge-certificates/addi...



Yes, you’re not supposed to specify the cipher suites with TLS 1.3.

This guy also forces secp521r1 (the NSA curve which is impossible to implement correctly, is unsupported by Chrome and eventually by Firefox, and is dog slow) instead of using DJB’s x25519. This is what roleplaying as an SRE looks like.



The linked Mozilla bug report provides an excellent reason to drop P-521.

If you look at the telemetry for the last actual Firefox release, only 8 (yes, eight!) out of 1.67 BILLION handshakes used a P-521 curve. This is a good indication that P-521 isn't needed, at least for certificates verified by web browsers.


Well, I need it. So, I get to have this. Isn’t the Internet awesome?


Thanks for the details!



