Dear all, today I encountered something that confuses me: different TLS implementations do not seem to agree on how to implement truncated HMAC. All implementations I tested truncate the HMAC output correctly, but they seem to use different MAC keys. When truncated HMAC is negotiated:
-> MatrixSSL does not change the length of the MAC key but zeros all its bytes beyond index 10, -> mbedTLS truncates the MAC key to length 10, -> WolfSSL does not touch the MAC key at all. >From RFC 6066 I would infer that the MAC key should not be affected by the negotiation of the truncated HMAC extension (as WolfSSL is implementing it). Is that correct? Thank you very much! Cheers ___________________________________ Andreas Walz Email: andreas.w...@hs-offenburg.de Institute of reliable Embedded Systems and Communication Electronics (ivESK) Homepage: http://ivesk.hs-offenburg.de/ University of Applied Sciences Offenburg Offenburg University of Applied SciencesOffenburg University of Applied SciencesOffenburg University of Applied SciencesOffenburg University of Applied Sciences Badstraße 24 77652 Offenburg Germany
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
