by Nextgrid 2665 days ago
As far as I understand, this garbage protocol is designed to be compatible with TLS 1.3 clients.

Can clients detect the use of this and, if detected, refuse to connect with a scary warning? That should kill this abomination fairly effectively.


AFAIK the protocol is merely TLS 1.3 with fixed DH parameters. In that case it's pretty easy to detect: keep a client-side list of DH parameters used by servers (hashed, limited to the last n connections), and terminate any connection that shows reuse.
You're essentially losing PFS if you do this, since those keys are now available. This would work, though it would probably have to be at the application level.
>(hashed, limited to the last n connections)