Ugh. Thanks for the report! I can confirm this. This server appears to have implemented TLS 1.3 incorrectly. It is a draft-23 TLS 1.3 server, but it treats the RFC's version code, 0304, as draft-23, which is incorrect. This needs to be fixed or it will stop working in future versions of Chrome, Firefox, and other browsers as they deploy TLS 1.3.

Do you have a contact at Optimizely? Do you know what TLS stack they are running? Can you point them at this bug?

No, I don't know anybody there and don't know anything about their infrastructure.
I just work for a company that loads content from this host on our site.

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Looks like that site is hosted by Akamai. Mozilla ran into this with another Akamai-hosted site. It sounds like the issue is that older versions of OpenSSL had a bug in their draft versions.

I'll reach out to them too, but my understanding is they be updating their OpenSSL.

Akamai tells me TLS 1.3 will be disabled over their network starting 9/4 through 9/7.

Snoozing this for next week: we should check the issue's been resolved by then and, if not, follow up with them.

This appears to be resolved now.

Yes, it is (for now). They have disabled TLS 1.3 on their end. Hopefully this won't break again when they decide to reactivate TLS 1.3.

Deleted: Capture.PNG 6.5 KB

	Capture.PNG 6.5 KB View Download

The NextAction date has arrived: 2018-09-10