I thought of the following scenario:

Client: ClientHello+0RTT
Server: 0RTT rejected. Fallback to 1RTT.
Server: (Drains 0-RTT records)
Client: Finished (corrupted in transit)
Client: Appdata (request for something)
Server: (Drains corrupt finished as 0-RTT record)
Server: (Drains appdata as 0-RTT record)
Client: (Waiting for response from server, handshake finished)
Server: (Waiting for Client Finished, handshake in progress)

*Deadlock?*

Can this actually happen? Or is it considered "too unlikely"?

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
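
The scenario in the message above can be traced with a toy state model. This is an added example, not part of the original post and not code from any TLS implementation. Record, server_process, client_flight and deadlocked are hypothetical names, decryption is modelled as a key-label match plus an integrity flag, and the optional byte limit on skipping is an assumption modelled on max_early_data_size in RFC 8446.

```python
# Toy model of a server that rejected 0-RTT and is skipping early data.
# Added example; record sizes and key labels are constructed.
from dataclasses import dataclass

@dataclass
class Record:
    key: str           # traffic key the client protected the record with
    kind: str          # what the client meant the record to be
    size: int = 100    # constructed record size in bytes
    intact: bool = True

def server_process(records, early_data_budget=None):
    """Discard records that fail deprotection under the handshake key
    until one succeeds. early_data_budget=None models unbounded draining;
    a number models a byte limit on how much may be skipped (assumption)."""
    state, skipped, log = "waiting_for_finished", 0, []
    for r in records:
        if state == "connected":
            log.append(f"delivered {r.kind}")
        elif r.key == "handshake" and r.intact:
            state = "connected"
            log.append("finished accepted")
        else:
            # Indistinguishable from rejected 0-RTT data: silently dropped.
            skipped += r.size
            log.append(f"discarded {r.kind} as early data")
            if early_data_budget is not None and skipped > early_data_budget:
                return "aborted", log
    return state, log

def client_flight(corrupt_finished):
    """Client's records after the ClientHello, in the order from the post."""
    return [
        Record("early", "0rtt-data"),
        Record("handshake", "finished", intact=not corrupt_finished),
        Record("application", "appdata"),
    ]

def deadlocked(corrupt_finished, early_data_budget=None):
    """The client has sent Finished and now waits for a response, so the
    exchange stalls whenever the server is still waiting for Finished."""
    state, _ = server_process(client_flight(corrupt_finished), early_data_budget)
    return state == "waiting_for_finished"

if __name__ == "__main__":
    for budget in (None, 1000, 250):
        print(budget, server_process(client_flight(True), budget))
```

In this model a skip limit only ends the stall once the discarded bytes exceed it; below the limit both sides keep waiting.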