This is the SSL protocol itself. http://wp.netscape.com/eng/ssl3/traces/trc-clnt-us.html#ClientHello1
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jimmy Sent: Monday, February 06, 2006 10:47 PM To: openssl-users@openssl.org Subject: reagrding extended hello on sess resumption Hi, Currently openssl-0.9.9 accepts a client hello (session resumption), with or without the extended hello part. Why is this so? Is it (or is it not) necessary to check if the extensions are the same as previously negotiated? i.e., shouldn't the extensions be validated w.r.t. previously negotiated values like the cipher & compression? Thanks, jimmy ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
