Hi all,
In TLS 1.3 draft-07, server provides a ServerConfiguration message containing a
long-term DH share.
If used on future connections:
(1) server reduces the computational cost for cipher suites where signatures
are slower than key agreement;
(2) server omits both the Certificate or Certifi
Hi All,
Without the Negotiated Groups extension,
Case 1: if the server accepts the Groups in ClientHello.keyshare, it just use
one of the Groups for DH, and CertificateVerify for both sides.
Case 2: else it responses an HelloRetryRequest message, which takes *all
Groups* that the server suppor
>> Without the Negotiated Groups extension,
>>
>> Case 1: if the server accepts the Groups in ClientHello.keyshare, it just
>> use one of the Groups for DH, and CertificateVerify for both sides.
>>
>> Case 2: else it responses an HelloRetryRequest message, which takes *all
>> Groups* that the s
