It looks like GnuTLS sends a legacy session ID, which must be prohibited in QUIC: https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.4
Now I have to find how to make GnuTLS stop sending this.
Meanwhile it seems that OpenSSL does not check this thing out, which smells like a bug.
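The receiver-side check discussed above, as an added example that is not part of the original thread and is not curl, GnuTLS or OpenSSL code: it reads the `legacy_session_id` length from a ClientHello handshake message and reports whether it is empty, which is what the linked section of the QUIC-TLS draft expects. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HS_CLIENT_HELLO 0x01
#define CH_FIXED 38 /* type(1) + length(3) + legacy_version(2) + random(32) */

/* Length of legacy_session_id in a TLS ClientHello handshake message (QUIC
 * carries it in CRYPTO frames with no record header); -1 if malformed. */
int ch_legacy_session_id_len(const uint8_t *msg, size_t len)
{
    if (len < CH_FIXED + 1 || msg[0] != HS_CLIENT_HELLO) return -1;
    size_t body = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body > len - 4) return -1; /* declared length runs past the buffer */
    uint8_t sid_len = msg[CH_FIXED];
    if (sid_len > 32 || (size_t)sid_len + 35 > body)
        return -1; /* longer than TLS allows, or truncated */
    return sid_len;
}

/* Constructed sample (not a capture): ClientHello cut off after cipher_suites. */
size_t build_sample_ch(uint8_t *out, uint8_t sid_len)
{
    size_t n = 4;
    out[n++] = 0x03; out[n++] = 0x03;       /* legacy_version */
    memset(out + n, 0xAA, 32); n += 32;     /* random */
    out[n++] = sid_len;
    memset(out + n, 0xBB, sid_len); n += sid_len;
    out[n++] = 0x00; out[n++] = 0x02;       /* cipher_suites length */
    out[n++] = 0x13; out[n++] = 0x01;       /* TLS_AES_128_GCM_SHA256 */
    out[0] = HS_CLIENT_HELLO;
    out[1] = 0; out[2] = (uint8_t)((n - 4) >> 8); out[3] = (uint8_t)(n - 4);
    return n;
}

/* 1 = empty legacy_session_id (what QUIC expects), 0 = non-empty, -1 = malformed. */
int check_sample(uint8_t sid_len)
{
    uint8_t buf[320];
    int n = ch_legacy_session_id_len(buf, build_sample_ch(buf, sid_len));
    return n < 0 ? -1 : n == 0;
}

int main(void)
{
    printf("no compat mode: %d\n", check_sample(0));
    printf("compat mode:    %d\n", check_sample(32));
    return 0;
}
```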
I'm going to close this issue here since this has been determined to be a GnuTLS bug and it isn't very useful for us to keep it open here as well. This should work with curl once GnuTLS is fixed to do right.
The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
mode for middle box but it is enabled by default, which is unnecessary
for QUIC.
Fixes #6896
Closes #7202
It looks like a BoringSSL-backed server does not like the ClientHello generated by GnuTLS. It is hard for me to debug this because it is TLS internal stuff.
Similar to #6864 but this only happens with GnuTLS builds now.
Originally posted by @tatsuhiro-t in #6864 (comment)