Anyone who's seen the previous version of this site won't be looking at anything new, but I wanted to announce that I'd reworked the site to no longer be based on a years-old fork of an experimental version of BoringSSL.
Moving to OpenSSL changed the connection in some interesting ways; for example each "wrapped" record is now in its own wrapper instead of BoringSSL's technique of combining multiple records in a single wrapper. Overall this probably makes the document easier to follow.
The session tickets also got larger, which speaks to efficiencies in how BoringSSL was doing theirs. The server response still fits in a 1500 MTU though.
Moving to OpenSSL changed the connection in some interesting ways; for example each "wrapped" record is now in its own wrapper instead of BoringSSL's technique of combining multiple records in a single wrapper. Overall this probably makes the document easier to follow.
The session tickets also got larger, which speaks to efficiencies in how BoringSSL was doing theirs. The server response still fits in a 1500 MTU though.