[Cryptography] WireGuard

[Peter Gutmann]

John-Mark Gurney <jmg at funkthat.com> writes:

>The issues w/ TLS is that previous versions did not integrate all protocol
>messages into the key agreement, and that the client would have to "self
>downgrade" to allow broken servers to negotiate a functional channel...

This was actually fixed with the (somewhat misnamed) Extended Master Secret,
EMS.  Admittedly you can still try and roll that back and it'll be detected,
but later on in the handshake process. 

Peter.