Comment by BobbyTables2
1 year ago
Perhaps in 40 years, we’ll still start encrypted sessions with TLS 1.2…
Hey, in 2024 we are still booting our 64-bit PCs in 16-bit real mode, just like the early 1980s! In the early 2000s, it was already crazy!
And we are still dealing with legacy PCI interrupt handling…
To be clear, that's not a TLS 1.2 encrypted session. It's a TLS 1.3 encrypted session but it's spelled in such a way that if you are looking for a TLS 1.2 encrypted session this matches your expectation.
This carries on into the actual encrypted data packets. They look like TLS 1.2 messages with application data inside, but TLS 1.3 messages are actually just all spelled in such a way that all of them (regardless of whether they're application data or not) look like TLS 1.2 application data. So idiot middleboxes think it must just be application data, can't have any other meaning.
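To make the "spelled like TLS 1.2" point concrete, here is an added example (not code from anyone in this thread) that parses the 5-byte TLS record header and the ClientHello's supported_versions extension. It constructs its own sample bytes inline: a ClientHello whose outer record and legacy_version both say TLS 1.2 (0x0303) while the supported_versions extension carries 0x0304 (TLS 1.3), and an encrypted TLS 1.3 record whose outer header is content type 23 / version 0x0303, i.e. indistinguishable from TLS 1.2 application data to anything that only reads the header. Wire-format offsets follow RFC 8446; the function names and sample payloads are this example's own.

```python
import struct

# TLS record content types and extension id from RFC 8446
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23
EXT_SUPPORTED_VERSIONS = 43
TLS12 = 0x0303
TLS13 = 0x0304


def parse_record_header(record: bytes):
    """Return (content_type, legacy_record_version, length) of a TLS record."""
    if len(record) < 5:
        raise ValueError("short record")
    return struct.unpack("!BHH", record[:5])


def looks_like_tls12_app_data(record: bytes) -> bool:
    """What a version-sniffing middlebox sees: header-only classification."""
    ctype, version, _ = parse_record_header(record)
    return ctype == CT_APPLICATION_DATA and version == TLS12


def parse_client_hello_versions(handshake: bytes):
    """Walk a ClientHello handshake message (type 1) and return
    (legacy_version, [versions listed in supported_versions])."""
    if handshake[0] != 1:
        raise ValueError("not a ClientHello")
    p = 4                                              # skip type(1) + length(3)
    legacy_version = struct.unpack("!H", handshake[p:p + 2])[0]
    p += 2 + 32                                        # legacy_version + random
    p += 1 + handshake[p]                              # legacy_session_id
    cs_len = struct.unpack("!H", handshake[p:p + 2])[0]
    p += 2 + cs_len                                    # cipher_suites
    p += 1 + handshake[p]                              # legacy_compression_methods
    ext_len = struct.unpack("!H", handshake[p:p + 2])[0]
    p += 2
    end = p + ext_len
    versions = []
    while p < end:
        etype, elen = struct.unpack("!HH", handshake[p:p + 4])
        p += 4
        if etype == EXT_SUPPORTED_VERSIONS:
            vlen = handshake[p]                        # 1-byte list length in ClientHello
            for i in range(0, vlen, 2):
                versions.append(struct.unpack("!H", handshake[p + 1 + i:p + 3 + i])[0])
        p += elen
    return legacy_version, versions


def build_sample_client_hello() -> bytes:
    """Constructed sample: a minimal TLS 1.3 ClientHello record."""
    body = struct.pack("!H", TLS12)                    # legacy_version says 1.2
    body += bytes(32)                                  # random (zeros, sample only)
    body += b"\x00"                                    # empty legacy_session_id
    body += b"\x00\x02\x13\x01"                        # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                                # compression: null only
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 3) + b"\x02" + struct.pack("!H", TLS13)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # RFC 8446 lets the first record carry 0x0301 for compatibility; here 0x0303
    return struct.pack("!BHH", CT_HANDSHAKE, TLS12, len(handshake)) + handshake


def build_sample_encrypted_record() -> bytes:
    """Constructed sample: a TLS 1.3 TLSCiphertext. The real inner content type
    is encrypted, so the outer header always reads as 1.2 application data."""
    ciphertext = b"\xde\xad\xbe\xef\x42\x99"           # opaque placeholder bytes
    return struct.pack("!BHH", CT_APPLICATION_DATA, TLS12, len(ciphertext)) + ciphertext


def negotiated_versions_of_sample():
    """Outer header version vs. the version actually offered inside."""
    rec = build_sample_client_hello()
    _, outer_version, _ = parse_record_header(rec)
    legacy, offered = parse_client_hello_versions(rec[5:])
    return outer_version, legacy, offered


if __name__ == "__main__":
    print("ClientHello (outer, legacy, offered):", negotiated_versions_of_sample())
    print("encrypted record looks like TLS 1.2 app data:",
          looks_like_tls12_app_data(build_sample_encrypted_record()))
```

The practical lesson for anyone writing detection or policy on a middlebox: the record header and ClientHello legacy_version tell you nothing about whether a flow is TLS 1.2 or 1.3; only the supported_versions extension (and the server's choice in ServerHello) does, and after the handshake every record is opaque application data by design.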
In similar philosophy, in a middlebox that wanted to decrypt the flows, I simply put TLS1.3 inside HTTPS CONNECT inside TLS1.2 stream.
Horrible, but it was easier than updating the middlebox...