On Jul 31, 2020, at 12:30 PM, Jim Schaad <i...@augustcellars.com> wrote:
>
> Ok – so this issue was raised at IETF 102. (presentation
> https://www.ietf.org/proceedings/102/slides/slides-102-emu-eap-tls-with-tls-13-00)
>
> Just reading the slides is not telling me what was the problem. I think I am
> going to need to hear the audio of the presentation. I have an extremely
> vague memory that there was an OpenSSL problem involved here but I would not
> swear to that. You might get a better description either from John Mattsson
> or Jouni.
IIRC it's that OpenSSL doesn't have an API to send zero bytes of application
data. I think other TLS implementations have similar limitations.

Regardless of what solution is implemented, the requirement is to have a
positive acknowledgement that TLS setup is finished. This step seems to be
missing by default in TLS 1.3.

I suspect that most uses of TLS will *always* send application data. Which
makes EAP-TLS an outlier. Hence the need for hacks like "send application
data as one octet of zero".

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
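The situation Alan describes, as an added model that is not part of the thread and not code from OpenSSL or any EAP-TLS implementation: a stand-in TLS stack that refuses zero-length application-data writes (the one limitation the thread mentions), a server that falls back to sending a single zero octet after its Finished message, and a peer that treats the TLS setup as finished only once that positive acknowledgement arrives. The names `TlsStack`, `server_finish`, `peer_process`, `can_send_empty`, the `COMMITMENT` constant and the `("handshake" | "app", payload)` record log are all assumptions made for this model; the real record framing is not shown.

```python
# Added model (not code from the thread, OpenSSL, or any EAP-TLS implementation)
# of the acknowledgement problem described above: without application data, a
# TLS 1.3 peer has no positive signal that setup is finished, so the server sends
# one octet of zero as application data and the peer waits for exactly that.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed wire log entry: ("handshake" | "app", payload). Assumed format.
Record = Tuple[str, bytes]

# The "one octet of zero" hack named in the thread, carried as application data.
COMMITMENT = b"\x00"


class TlsStack:
    """Stand-in for a TLS library (assumed model, not OpenSSL's API). Like the
    OpenSSL behaviour recalled in the thread, it cannot send a zero-byte
    application-data record."""

    def __init__(self) -> None:
        self.records: List[Record] = []

    def send_finished(self) -> None:
        # Marker standing in for the server's Finished message that ends the handshake.
        self.records.append(("handshake", b"Finished"))

    def write(self, data: bytes) -> int:
        if len(data) == 0:
            raise ValueError("no API to send zero bytes of application data")
        self.records.append(("app", bytes(data)))
        return len(data)


def can_send_empty(tls: TlsStack) -> bool:
    """Probe whether the stack accepts a zero-length application-data write."""
    try:
        tls.write(b"")
        return True
    except ValueError:
        return False


def server_finish(send_commitment: bool) -> List[Record]:
    """Server side: finish the handshake and, if enabled, send the zero octet."""
    tls = TlsStack()
    tls.send_finished()
    if send_commitment:
        tls.write(COMMITMENT)
    return tls.records


@dataclass
class PeerState:
    handshake_done: bool = False
    setup_acknowledged: bool = False   # set only by a positive signal from the server
    error: Optional[str] = None


def peer_process(records: List[Record]) -> PeerState:
    """Peer side: seeing the handshake finish is not enough on its own; wait for
    the explicit acknowledgement and reject any other application data."""
    st = PeerState()
    for kind, payload in records:
        if kind == "handshake" and payload == b"Finished":
            st.handshake_done = True
        elif kind == "app":
            if not st.handshake_done:
                st.error = "application data before handshake finished"
                break
            if payload == COMMITMENT:
                st.setup_acknowledged = True
            else:
                st.error = "unexpected application data: %r" % (payload,)
                break
    return st


if __name__ == "__main__":
    # Without the commitment the peer sees the handshake end but never gets a
    # positive acknowledgement; with it, setup_acknowledged becomes True.
    print("no commitment  :", peer_process(server_finish(send_commitment=False)))
    print("with commitment:", peer_process(server_finish(send_commitment=True)))
```

Running the block prints the two peer states side by side; the first has `handshake_done=True` but `setup_acknowledged=False`, which is the gap the thread is about, and the second is acknowledged. Sending anything other than the single zero octet, or sending it before the handshake has finished, is reported as an error rather than silently accepted.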