mint
Cannot connect to a real TLS 1.3 server
My server uses TLS 1.3 draft 18, so I changed supportedVersion to 0x7f12. When I then test, I always get an "AEAD decrypt failed" error. Looking at cloudflare/tls-tris, I found a difference in how the cipher suite parameters are defined.
Your code:
    cipherSuiteMap = map[CipherSuite]CipherSuiteParams{
        TLS_AES_128_GCM_SHA256: {
            Suite:  TLS_AES_128_GCM_SHA256,
            Cipher: newAESGCM,
            Hash:   crypto.SHA256,
            KeyLen: 16,
            IvLen:  12,
        },
        TLS_AES_256_GCM_SHA384: {
            Suite:  TLS_AES_256_GCM_SHA384,
            Cipher: newAESGCM,
            Hash:   crypto.SHA384,
            KeyLen: 32,
            IvLen:  12,
        },
cloudflare/tls-tris defines:
    type cipherSuite struct {
        id uint16
        // the lengths, in bytes, of the key material needed for each component.
        keyLen int
        macLen int
        ivLen  int
        ka     func(version uint16) keyAgreement
        // flags is a bitmask of the suite* values, above.
        flags  int
        cipher func(key, iv []byte, isRead bool) interface{}
        mac    func(version uint16, macKey []byte) macFunction
        aead   func(key, fixedNonce []byte) cipher.AEAD
    }

    var cipherSuites = []*cipherSuite{
        // TLS 1.3 ciphersuites specify only the AEAD and the HKDF hash.
        {TLS_CHACHA20_POLY1305_SHA256, 32, 0, 12, nil, suiteTLS13, nil, nil, aeadChaCha20Poly1305},
        {TLS_AES_128_GCM_SHA256, 16, 0, 4, nil, suiteTLS13, nil, nil, aeadAESGCM13},
        {TLS_AES_256_GCM_SHA384, 32, 0, 4, nil, suiteTLS13 | suiteSHA384, nil, nil, aeadAESGCM13},
For TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384, ivLen is 4 there. Is your ivLen wrong?
No, this is an issue in tris; TLS 1.3 needs a 12-byte nonce. In TLS 1.2 there is a 4-byte implicit nonce (derived from the master secret) and an 8-byte explicit nonce (taken from the record), at least for AES-GCM. Maybe that is where the confusion came from.
Perhaps you could give more details about your setup: which client and server implementations are you using?
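The nonce distinction drawn in the reply above (one 12-byte static IV in TLS 1.3 versus a 4-byte implicit plus 8-byte explicit nonce for TLS 1.2 AES-GCM), as an added Go example that is not code from mint or tls-tris; the key, IV, record header and sequence numbers used with it are constructed values, and a receiver whose IV length does not match the sender's cannot open the record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// tls13Nonce derives the per-record nonce as TLS 1.3 specifies (RFC 8446 §5.3):
// the 64-bit sequence number, left-padded to 12 bytes, XORed with the 12-byte static IV.
func tls13Nonce(staticIV []byte, seq uint64) ([]byte, error) {
	if len(staticIV) != 12 {
		return nil, fmt.Errorf("tls13: static IV must be 12 bytes, got %d", len(staticIV))
	}
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], seq)
	for i := range nonce {
		nonce[i] ^= staticIV[i]
	}
	return nonce, nil
}

// tls12GCMNonce builds the TLS 1.2 AES-GCM nonce (RFC 5288 §3): 4-byte implicit part
// from the key block plus 8-byte explicit part sent in the record; here 4-byte IVs belong.
func tls12GCMNonce(implicit, explicit []byte) ([]byte, error) {
	if len(implicit) != 4 || len(explicit) != 8 {
		return nil, fmt.Errorf("tls12: need 4-byte implicit and 8-byte explicit nonce")
	}
	return append(append([]byte{}, implicit...), explicit...), nil
}

// tls13Record seals (open=false) or opens (open=true) one TLS 1.3 record with AES-GCM;
// aad is the record header. A receiver whose nonce differs from the sender's gets an
// authentication error from Open, which is what surfaces as "AEAD decrypt failed".
func tls13Record(key, staticIV []byte, seq uint64, aad, data []byte, open bool) ([]byte, error) {
	nonce, err := tls13Nonce(staticIV, seq)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has the 16-byte block GCM needs
	if open {
		return aead.Open(nil, nonce, data, aad)
	}
	return aead.Seal(nil, nonce, data, aad), nil
}
```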