Hi Ekr,

~snip~

>     Section 6.3.1.2 explains the ServerHello message handling:
> 
>     "
>     The server will send this message in response to a ClientHello message
>     when it was able to find an acceptable set of algorithms and the
>     client’s “key_share” extension was acceptable. If the client proposed
>     groups are not acceptable by the server, it will respond with a
>     “handshake_failure” fatal ale
>     "
> 
>     What this text should be saying is that the response from the server
>     depends on the selected ciphersuite. Implicitly you are saying that in
>     another part of the document, namely in Section 8.2 "MTI Extensions".
> 
> 
> Sorry, I'm not following your question here. Can you say more?
> 

The conditions for the server to return a ServerHello are complex and
the wording is confusing.

The decisions are at least based on:

- Is there an acceptable set of algorithms and groups that are mutually
supported?

- Did the client’s KeyShare contain an acceptable offer?

- Is a KeyShare extension present?

- Is the “signature_algorithms” extension present?

- Does msg offer (EC)DHE cipher suites?

Ciao
Hannes

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls