Hubert Kario <hka...@redhat.com> writes: >I was thinking of something like the following: > > The length of verify_data (verify_data_length) in the Finished message > MUST be equal to the length of output of the hash function used as the > basis of the PRF selected for the ciphersuite. That is, in case of > SHA-256 based PRF 32 octets MUST be used. This overrides the > requirement from Section 7.4.9. of RFC 5246 that all ciphersuites > defined at that time have verify_data_length of 12.
Thanks, I've added words to that effect to the draft, and also added a few other cleanups as well. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
