Summary
kwik completes a QUIC handshake when the client offers only TLS 1.2 (0x0303) in the supported_versions extension. This appears to violate RFC 9001, which requires at least TLS 1.3 for QUIC.
Details
In this test, the client modifies the following field:
supported_versions = [0x0303] // TLS 1.2
Expected behaviour:
- The server must reject the handshake, since TLS 1.3 is required for QUIC.
Observed behaviour:
We differentially tested 13 other QUIC implementations (quic-go, quiche, msquic, etc.), which all fail the handshake under the same conditions.
RFC 9001
Clients MUST NOT offer TLS versions older than 1.3. A badly configured TLS implementation could negotiate TLS 1.2 or another older version of TLS. An endpoint MUST terminate the connection if a version of TLS older than 1.3 is negotiated.
Notes
This behaviour suggests that Kwik may not be enforcing the TLS 1.3 requirement during version negotiation.
Happy to provide additional information/packet traces if helpful.
Summary
kwik completes a QUIC handshake when the client offers only TLS 1.2 (0x0303) in the supported_versions extension. This appears to violate RFC 9001, which requires at least TLS 1.3 for QUIC.
Details
In this test, the client modifies the following field:
supported_versions = [0x0303] // TLS 1.2Expected behaviour:
Observed behaviour:
We differentially tested 13 other QUIC implementations (quic-go, quiche, msquic, etc.), which all fail the handshake under the same conditions.
RFC 9001
Notes
This behaviour suggests that Kwik may not be enforcing the TLS 1.3 requirement during version negotiation.
Happy to provide additional information/packet traces if helpful.