by ComputerGuru 1023 days ago
I never heard of ReShade before but that is quite crazy. The only explanation I can think of is that the backend they connect to implements TLS 1.3 but in a broken way (because the client crypto lib would otherwise fall back to TLS 1.2 on its own), which really makes you wonder just how broken the crypto impl on their servers is and how many vulnerabilities they’re wide open to.
2 comments

TLS 1.3 is IMHO still too new to have stabilised and had all the edge-cases worked out. 1.2 was first released in 2008 and only started becoming a requirement more than ~10 years later. I'm not sure how the situation with 1.2 was but I know there were several draft versions of 1.3, which do not interoperate yet had public implementations. That might be what's happening there.
Here are a few sites one (IMHO) would expect to support TLS 1.3 but do not:

   www.digitalocean.com
   arstechnica.com (Amazon)
   git.kernel.org
   cdn.netbsd.org (Fastly)