The actual feature uses an 8-byte value; it's just that the DOWNGRD part (the first 7 bytes) is intuitively easy to follow, so why spell it all out in hexadecimal or whatever?
So it's one in 2^64 random connections.
Also the client isn't even checking for possible downgrade if it got the protocol version it wanted (if I wanted TLS 1.3 and I got TLS 1.3 that is not a downgrade). So if "One in every 16 billion billion connections fails" is unacceptable, upgrade your servers and the problem vanishes.
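
The client-side check discussed in the comment above, as an added example (not part of the original post and not taken from any TLS library). The sentinel bytes are the ones defined in RFC 8446 section 4.1.3; the function and constant names are assumptions made for illustration, and the sample randoms are constructed.

```python
# Sentinels a server writes into the LAST 8 bytes of the 32-byte
# ServerHello.random (RFC 8446, section 4.1.3).
DOWNGRADE_TLS12 = b"DOWNGRD\x01"  # TLS 1.3 server that negotiated TLS 1.2
DOWNGRADE_TLS11 = b"DOWNGRD\x00"  # server that negotiated TLS 1.1 or below

# Protocol versions as they appear on the wire.
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304


def downgrade_detected(client_max, negotiated, server_random):
    """Return True if the client should abort the handshake.

    client_max    -- highest version the client offered (hypothetical name)
    negotiated    -- version selected in the ServerHello
    server_random -- the 32-byte ServerHello.random
    """
    if len(server_random) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    if negotiated > client_max:
        raise ValueError("server selected a version the client never offered")

    # Got the version we asked for: nothing to check, so a random value
    # that happens to end in a sentinel cannot cause a failure here.
    if negotiated == client_max:
        return False

    tail = server_random[-8:]
    if client_max >= TLS13:
        # A TLS 1.3 client that ended up on 1.2 or below rejects either value.
        return tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11)
    if client_max == TLS12 and negotiated <= TLS11:
        # A TLS 1.2 client checks only the "1.1 or below" sentinel.
        return tail == DOWNGRADE_TLS11
    return False


# Constructed sample values (not captured traffic).
PREFIX = bytes(range(24))                 # stand-in for 24 random bytes
LEGACY_RANDOM = bytes(range(32))          # old server, no sentinel
MARKED_TLS12 = PREFIX + DOWNGRADE_TLS12   # 1.3-capable server answering 1.2
MARKED_TLS11 = PREFIX + DOWNGRADE_TLS11   # server answering 1.1 or below

if __name__ == "__main__":
    print(downgrade_detected(TLS13, TLS12, MARKED_TLS12))   # sentinel present
    print(downgrade_detected(TLS13, TLS12, LEGACY_RANDOM))  # plain 1.2 server
    print(downgrade_detected(TLS13, TLS13, MARKED_TLS12))   # version as wanted
```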