Clarify that you can fall back by providing no ECH in EE

tlswg · Feb 17, 2024 · 0054c8e · 0054c8e
1 parent b5aed7b
commit 0054c8e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/draft-ietf-tls-esni.md b/draft-ietf-tls-esni.md
@@ -877,9 +877,11 @@ because the client will send cookies to the server in parallel connections,
 using the retry configurations for these parallel connections does not
 introduce a new tracking vector.
 
-If none of the values provided in "retry_configs" contains a supported version,
-or an earlier TLS version was negotiated, the client can regard ECH as securely
-disabled by the server, and it SHOULD retry the handshake with a new transport
+If none of the values provided in "retry_configs" contains a supported
+version, the server did not supply an "encrypted_client_hello"
+extension in its EncryptedExtensions message, or an earlier TLS
+version was negotiated, the client can regard ECH as securely disabled
+by the server, and it SHOULD retry the handshake with a new transport
 connection and ECH disabled.
 
 Clients SHOULD implement a limit on retries caused by receipt of "retry_configs"