// Turn off post-handshake authentication for TLS 1.3 by default,
// until the incompatibility with HTTP/2 is resolved:
// https://tools.ietf.org/html/draft-davidben-http2-tls13-00
pref("security.tls.enable_post_handshake_auth", false);
And chrom{e,ium} isn't even considering implementing it until the specification is clarified.
This is implemented in firefox, but not enabled by default indeed. See https:/ /hg.mozilla. org/mozilla- central/ rev/1bb8ad86564 8:
// Turn off post-handshake authentication for TLS 1.3 by default, /tools. ietf.org/ html/draft- davidben- http2-tls13- 00 "security. tls.enable_ post_handshake_ auth", false);
// until the incompatibility with HTTP/2 is resolved:
// https:/
pref(
And chrom{e,ium} isn't even considering implementing it until the specification is clarified.