As per upstream: After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.

Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2019-17023 (currently private)
External References: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes
Statement: This flaw causes the client to hang when there is a downgrade attempt. Therefore no actual protocol downgrade occurs.
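The transition described above, as an added example that is not NSS code and not part of the original report: a toy client-side state machine that applies the RFC 8446 rules that the version selected in a HelloRetryRequest must be retained in the ServerHello (otherwise `illegal_parameter`), and that fails closed on out-of-state records instead of ignoring them. The class, state and message names are hypothetical and the traces are constructed.

```python
from enum import Enum, auto

TLS12, TLS13 = 0x0303, 0x0304  # protocol version wire values

class State(Enum):
    WAIT_SERVER_HELLO = auto()
    WAIT_SERVER_HELLO_AFTER_HRR = auto()
    WAIT_FINISHED = auto()
    CONNECTED = auto()
    ABORTED = auto()

class ClientHandshake:
    # Simplified model: one message per step, no cryptography, no extensions.
    def __init__(self):
        self.state, self.hrr_version, self.alert = State.WAIT_SERVER_HELLO, None, None

    def _abort(self, alert):
        self.state, self.alert = State.ABORTED, alert
        return alert

    def receive(self, msg, version=None):
        if self.state is State.ABORTED:
            return self.alert
        if msg == "HelloRetryRequest":
            if self.state is not State.WAIT_SERVER_HELLO:
                return self._abort("unexpected_message")  # e.g. a second HRR
            self.hrr_version = version
            self.state = State.WAIT_SERVER_HELLO_AFTER_HRR
        elif msg == "ServerHello":
            if self.state is State.WAIT_SERVER_HELLO_AFTER_HRR:
                if version != self.hrr_version:  # version changed after HRR
                    return self._abort("illegal_parameter")
            elif self.state is not State.WAIT_SERVER_HELLO:
                return self._abort("unexpected_message")
            self.state = State.WAIT_FINISHED
        elif msg == "Finished" and self.state is State.WAIT_FINISHED:
            self.state = State.CONNECTED
        elif msg == "ApplicationData" and self.state is State.CONNECTED:
            pass  # application data is only accepted after the handshake
        else:
            return self._abort("unexpected_message")  # fail closed, never ignore
        return None

def run(trace):
    hs = ClientHandshake()
    for msg, version in trace:
        hs.receive(msg, version)
    return hs.state, hs.alert

# Constructed trace: HRR selects TLS 1.3, then the ServerHello names TLS 1.2.
DOWNGRADE_AFTER_HRR = [("HelloRetryRequest", TLS13), ("ServerHello", TLS12),
                       ("ApplicationData", None)]
```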
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:3280 https://access.redhat.com/errata/RHSA-2020:3280
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17023
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:4076 https://access.redhat.com/errata/RHSA-2020:4076