Bridges should be able to disable v1 and v2 link handshakes
There is no point in implementing scanning resistance and all that fancy stuff, if censors can make a bridge perform the fingerprintable v1/v2 link handshakes by adding a few ciphers to ClientHello, or renegotiating right after TLS.
There should be a way to disable v1 and v2 link handshakes before we implement scanning resistance stuff.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information