On Sat, Oct 17, 2015 at 03:20:08PM -0700, Eric Rescorla wrote:
> I don't feel strongly about this, but I don't see how what you suggest
> is any simpler than the version number encoding I proposed. Arguably,
> it's more complicated since you can't implement the sentinel check with
> memcmp().
The simplicity I have in mind is minimality of the design, not so much
the implementation. The bit in question could be the high bit of the
first octet of the server random. The code doing the comparing would
need a mutable copy of the test value, and would clone the bit in
question from the input to the test value, then memcmp.

    /* srand: peer's server random; test: mutable copy of the sentinel */
    tls13 = srand[0] & 0x80;
    test[0] = tls13 | (test[0] & 0x7f);
    if (memcmp(srand, test, len) == 0) {
        if (tls13) {
            /* Peer indicates TLS >= 1.3 support */
            ...
        } else {
            /* Peer indicates TLS 1.2 support */
            ...
        }
    }

-- 
Viktor.
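As an added illustration of the check described above (example code, not
Viktor's or the TLS WG's), here is a complete version of the
clone-the-flag-bit-then-memcmp approach. The sentinel octets, their
length and their placement at the start of the 32-byte server random are
constructed assumptions; the thread does not fix them. A client that
negotiated TLS 1.2 but finds the flag bit set has evidence of a downgrade.

```c
#include <stdint.h>
#include <string.h>

#define SENTINEL_LEN 8

/* Constructed placeholder sentinel (not a value from the thread).
 * Bit 7 of octet 0 is the version flag: it is cloned from the peer's
 * random before comparing, so one memcmp covers both cases. */
static const uint8_t SENTINEL[SENTINEL_LEN] = {
    0x53, 0x45, 0x4e, 0x54, 0x49, 0x4e, 0x45, 0x4c
};

enum sentinel_result {
    SENTINEL_ABSENT = 0,   /* no sentinel: peer predates the scheme */
    SENTINEL_TLS12  = 1,   /* sentinel present, flag bit clear */
    SENTINEL_TLS13  = 2    /* sentinel present, flag bit set */
};

/* Inspect the first SENTINEL_LEN octets of a 32-byte server random. */
enum sentinel_result check_sentinel(const uint8_t srand[32])
{
    uint8_t test[SENTINEL_LEN];   /* mutable copy of the sentinel */
    uint8_t tls13;

    memcpy(test, SENTINEL, sizeof(test));
    tls13 = srand[0] & 0x80;                 /* clone the flag bit */
    test[0] = tls13 | (test[0] & 0x7f);

    if (memcmp(srand, test, sizeof(test)) != 0)
        return SENTINEL_ABSENT;
    return tls13 ? SENTINEL_TLS13 : SENTINEL_TLS12;
}

/* Server side of the same scheme: stamp the sentinel and flag into a
 * random. The remaining octets are left as the caller generated them. */
void put_sentinel(uint8_t srand[32], int tls13)
{
    memcpy(srand, SENTINEL, SENTINEL_LEN);
    if (tls13)
        srand[0] |= 0x80;
    else
        srand[0] &= 0x7f;
}
```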