[Lukasa]

> Re configurable TLS: TLS 1.3 allows services to perfectly pin certs and reject your custom root CA. It breaks the flow you are talking about that has worked up to 1.2. The answer is to not build a myopic protocol/technology that only cares about 1 dimension of usage.

No it doesn't. I have no idea what technology you think this is (maybe HPKP?), but installing a local root CA absolutely continues to work in all browsers with TLS 1.3.

[dcow]

TLS proxies need to be able to inspect the server certificate response in order to dynamically generate an appropriate certificate. This flow doesn't work in TLS 1.3 since the certificate is encrypted to prevent MITM.

[aisio]

MITM for TLSv1.3 is possible. Plenty of solutions available for enterprises to do this. The MITM occurs still happens for TLSv1.3 on key exchange, allowing for the subsequent certificate to also be MITM and be replaced and encrypted. The only real affect TLSv1.3 has for MITM is that company policies for decryption can't match on the cert to determine if decrypt should occur, but they can still use the SNI which is plaintext

[dcow]

I thought combined with encrypted SNI this was no longer possible since the middleware doesn't have access to that information.