Hubert Kario <hka...@redhat.com> wrote:
> I'm quite sure that if I were sending a huge extension or many big extensions,
> the percentage of servers that are incompatible with them would be similar, if
> not worse. A relatively small 3KiB client hello already causes issues and this
> is not exactly something impossible to achieve with just TLSv1.2 and session
> tickets.

Don't expect a server to accept a ClientHello with a session ticket it
didn't produce. In particular, a server could very reasonably reject a
session ticket larger than the ones it produces, and it might produce
only very small ones.

More generally, when assessing compatibility, generally it is better
to consider only initial handshakes, using the data one would normally
send in an initial handshake. And, if you are considering 0-RTT key
shares, then it would be better to measure the case where only ECC key
shares are used separately from the case where non-ECC (old-school DH)
key shares are used.

Cheers,
Brian
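To make the size argument concrete, here is an added example (not code from either poster) that serializes a minimal TLS 1.3 ClientHello carrying one key_share per requested group, so the ECC-only and DH-inclusive cases can be measured separately; the key material is random filler of the correct length, not real public keys, and the group ids and share sizes are the RFC 8446 / RFC 7919 values.

```python
import os
import struct

# Named group id and key_exchange length (bytes) for each group we can offer.
GROUPS = {
    "x25519": (0x001D, 32), "secp256r1": (0x0017, 65), "secp384r1": (0x0018, 97),
    "ffdhe2048": (0x0100, 256), "ffdhe3072": (0x0101, 384), "ffdhe4096": (0x0102, 512),
}

def _ext(ext_type, body):
    """Encode one extension: type(2) + length(2) + body."""
    return struct.pack("!HH", ext_type, len(body)) + body

def build_client_hello(groups, session_id_len=0, padding=0):
    """Return the full TLS record bytes of a TLS 1.3 ClientHello that sends a
    key_share for every group in `groups` (an initial handshake: no session
    ticket / PSK). Key material is random filler of the right length."""
    shares = b"".join(
        struct.pack("!HH", GROUPS[g][0], GROUPS[g][1]) + os.urandom(GROUPS[g][1])
        for g in groups)
    named = b"".join(struct.pack("!H", GROUPS[g][0]) for g in groups)
    exts = (_ext(0x002B, b"\x02\x03\x04")                              # supported_versions: TLS 1.3
            + _ext(0x000A, struct.pack("!H", len(named)) + named)      # supported_groups
            + _ext(0x0033, struct.pack("!H", len(shares)) + shares)    # key_share
            + _ext(0x000D, b"\x00\x02\x08\x04"))                       # signature_algorithms
    if padding:
        exts += _ext(0x0015, b"\x00" * padding)                        # padding extension (RFC 7685)
    body = (b"\x03\x03" + os.urandom(32)                               # legacy_version + random
            + bytes([session_id_len]) + os.urandom(session_id_len)     # legacy_session_id
            + b"\x00\x02\x13\x01"                                      # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                              # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # TLSPlaintext record

def compare_key_share_sizes():
    """Record sizes for ECC-only shares vs. ECC plus old-school DH shares."""
    ecc_only = len(build_client_hello(["x25519", "secp256r1"]))
    with_ffdhe = len(build_client_hello(["x25519", "secp256r1", "ffdhe2048", "ffdhe3072"]))
    return ecc_only, with_ffdhe

if __name__ == "__main__":
    ecc, dh = compare_key_share_sizes()
    print(f"ECC-only ClientHello: {ecc} bytes; with ffdhe2048+ffdhe3072: {dh} bytes")
```

Adding a single ffdhe3072 share costs more than the entire ECC-only hello, which is why the two cases should be measured as separate populations.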

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls