I find myself reading the TLS spec (because what else would a boy do at 11pm on a Thursday?) and this document is full of cursed phrases of the form “For reasons of backwards compatibility with middleboxes…”
So far my highlights are “all negotiations must claim version 1.2, we’ll stuff the real version in somewhere else later to stop traffic inspectors crashing”, and “this new message identifies as an older message but one of the values is the SHA256 of the name of the new one”.
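
The two mechanisms quoted above, as an added example that is not part of the original post: a parser that reads a ServerHello body, reports the version it claims against the one carried in the supported_versions extension, and flags the retry message by its fixed random value. The field layout and extension number 43 follow RFC 8446; `classify_server_hello` and `sample_server_hello` are hypothetical names, and the sample messages are constructed.

```python
import hashlib
import struct

# Per the post: the retry message identifies as a ServerHello whose random
# field is the SHA-256 of the new message's name.
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()
EXT_SUPPORTED_VERSIONS = 43  # extension type assigned in RFC 8446
NAMES = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def classify_server_hello(body: bytes) -> dict:
    """Classify a ServerHello body (4-byte handshake header already removed)."""
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    (claimed,) = struct.unpack_from("!H", body, 0)
    random = body[2:34]
    pos = 35 + body[34] + 3  # skip session id echo, cipher suite, compression
    if pos > len(body):
        raise ValueError("session id overruns the message")
    real = claimed  # without the extension, the claimed version is the real one
    if pos + 2 <= len(body):  # an extensions block is present
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        if end > len(body):
            raise ValueError("extensions overrun the message")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > end:
                raise ValueError("extension overruns the block")
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                (real,) = struct.unpack_from("!H", body, pos)
            pos += ext_len
    return {
        "claimed": NAMES.get(claimed, hex(claimed)),
        "real": NAMES.get(real, hex(real)),
        "hello_retry_request": random == HRR_RANDOM,
    }


def sample_server_hello(random: bytes, tls13: bool) -> bytes:
    """Constructed sample input: empty session id, no compression."""
    ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304) if tls13 else b""
    suite = b"\x13\x01" if tls13 else b"\xc0\x2f"
    body = struct.pack("!H", 0x0303) + random + b"\x00" + suite + b"\x00"
    return body + struct.pack("!H", len(ext)) + ext
```

A monitoring tool that logs only the first two bytes of the ServerHello records every TLS 1.3 session as TLS 1.2, and one that ignores the random value counts retries as ordinary ServerHellos.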