On Thu, Oct 13, 2016 at 03:17:32PM +0900, Kazuho Oku wrote:
> TLDR: the spec. was clear and easy to implement, but some test vectors
> and clarification on what constitutes a Handshake Context would have
> helped.
>
> FWIW, please let me share my experience of implementing TLS 1.3.
>
> This month, I have written a TLS 1.3 implementation (named picotls,
> available at https://github.com/h2o/picotls) based on draft 16 from
> scratch.

Tried interop versus my own implementation (with my implementation as
client). Didn't work...

I traced the blowup to client_hello_decode_server_name():

The sent contents of the SNI extension are:

00 0B 00 00 08 "h2o.test"

Which AFAICT is a server name list of 11 bytes, containing an entry of
type 0 (host_name), with length 8 and name "h2o.test".

picotls seems to interpret the first byte as the type (happens to be 0,
which is host_name), and then interprets 0B 00 as the length of the
hostname. Which of course blows up as the length is way too big (over
2kB).

Also, my implementation does not show any alert being received from the
peer (as a result of this failure), just the connection being closed
(internally, picotls returns -50, which I think is decode_error)?

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
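
The layout described in the message above, as an added example that is not part of the original thread and is not picotls code: a bounds-checked parser for the server_name extension_data following the RFC 6066 ServerNameList structure. The names sni_parse_host_name, sni_misread_name_length, SNI_ERR_DECODE and SAMPLE_SNI are assumptions made for this example, and the sample bytes are rebuilt from the bytes quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SNI_HOST_NAME 0       /* NameType host_name (RFC 6066) */
#define SNI_ERR_DECODE (-1)   /* hypothetical error code for this example */

/* Constructed sample: the extension_data bytes quoted in the message. */
static const uint8_t SAMPLE_SNI[] = {0x00, 0x0B, 0x00, 0x00, 0x08,
                                     'h', '2', 'o', '.', 't', 'e', 's', 't'};

/* Big-endian 16-bit read; the caller guarantees two bytes are available. */
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Name length obtained when the 2-byte list header is skipped, i.e. byte 0
 * is taken as the name type and bytes 1..2 as the length (the misreading). */
size_t sni_misread_name_length(const uint8_t *buf) { return rd16(buf + 1); }

/* ServerNameList: uint16 list_length, then entries of
 *   { uint8 name_type; uint16 name_length; opaque name[name_length]; }
 * Copies the first host_name into out (NUL-terminated) and returns its
 * length. Returns SNI_ERR_DECODE on malformed input or, as a choice made
 * for this example, when the list holds no host_name entry. */
int sni_parse_host_name(const uint8_t *buf, size_t len, char *out, size_t outcap)
{
    if (len < 2)
        return SNI_ERR_DECODE;
    size_t list_len = rd16(buf);
    if (list_len == 0 || list_len != len - 2)   /* list must fill the extension */
        return SNI_ERR_DECODE;
    const uint8_t *p = buf + 2, *end = buf + len;
    int found = -1;
    while (p < end) {
        if ((size_t)(end - p) < 3)              /* type + length header */
            return SNI_ERR_DECODE;
        uint8_t type = p[0];
        size_t name_len = rd16(p + 1);
        p += 3;
        if (name_len > (size_t)(end - p))       /* length runs past the list */
            return SNI_ERR_DECODE;
        if (type == SNI_HOST_NAME && found < 0) {
            if (name_len == 0 || name_len >= outcap)
                return SNI_ERR_DECODE;
            memcpy(out, p, name_len);
            out[name_len] = '\0';
            found = (int)name_len;
        }
        p += name_len;                          /* skip unknown name types */
    }
    return found < 0 ? SNI_ERR_DECODE : found;
}
```

On the sample bytes the list header is 0x000B (11), the single entry has type 0 and length 8, and the misreading yields 0x0B00 (2816), which is the "over 2kB" length reported above.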