One correction:
> cipher suite used: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
It is actually TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
On Tue, 17 Oct 2023 at 13:55, M K Saravanan wrote:
> Hi,
>
> I found a weird packet capture of DHE key exchange.
>
> C --> S
> TLSv1.2
> cipher suite u

If I recall, TLS 1.2 was ambiguous on this point, so it's unclear what the
sender is expected to do.
I believe there were some implementations that expected a fixed-width
public key (which would have been the better option to pick, but we don't
have a time machine), so zero-padding on send is prud

I don't know that the assumption that it starts as a re-ordering is going to be
valid. Certainly we have at least one instance (the erratum you reported,
Rory!) where we've found something in a static table that's simply invalid; I'd
expect we drop that line in any versioned update, even if we h

Hi folks,
As promised at the last IETF meeting, we're working to close out all open
issues on the ECH draft so that we can move this specification forward. Most of
the editorial issues have been resolved. The list that remains is
non-editorial. The list is as follows:
- Handshake-level vs reco