What is most likely to happen is that the cookie will be invalid and the connection will be rejected.
Many TLS servers assume that presence of a cookie means that they previously sent a HelloRetryRequest on that connection. For instance, NSS packs a hash of the original ClientHello into the cookie so that it can restore the handshake transcript. Reusing the cookie will just lead to the server restoring the handshake transcript from the wrong handshake. And that's even assuming that it accepts the cookie in the first place.

On Mon, Oct 30, 2017 at 6:07 PM, Jānis Čoders <janis.cod...@gmail.com> wrote:
> Hi, is there ANY security issue with reusing Cookie from previous TLS
> connection? In current draft there is text: "Clients MUST NOT use
> cookies in their initial ClientHello in subsequent connections." I
> can't think of any security implication, but can think of situations
> where it could be useful.
>
> --
> Best regards,
> Jānis Čoders
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
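
The transcript mismatch described in the reply above, as an added example that is not part of the original message and is not NSS code. It assumes a hypothetical cookie layout (Hash(ClientHello1) plus an HMAC tag), constructed byte strings standing in for encoded handshake messages, and a cookie passed alongside the ClientHello rather than inside it; the `message_hash` substitution follows RFC 8446, section 4.4.1.

```python
import hashlib, hmac, os

KEY = os.urandom(32)        # server-side cookie key (constructed)
HRR = b"HelloRetryRequest"  # stand-in for the encoded HRR message (constructed)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_cookie(client_hello1: bytes) -> bytes:
    """Stateless server: stash Hash(ClientHello1) in a MAC-protected cookie."""
    ch1_hash = h(client_hello1)
    return ch1_hash + hmac.new(KEY, ch1_hash, hashlib.sha256).digest()

def open_cookie(cookie: bytes):
    """Return the stored ClientHello1 hash, or None if the MAC check fails."""
    ch1_hash, tag = cookie[:32], cookie[32:]
    good = hmac.new(KEY, ch1_hash, hashlib.sha256).digest()
    return ch1_hash if hmac.compare_digest(tag, good) else None

def retry_transcript(ch1_hash: bytes, client_hello2: bytes) -> bytes:
    """After an HRR, ClientHello1 is replaced by a message_hash (type 254) message."""
    synthetic = bytes([254, 0, 0, len(ch1_hash)]) + ch1_hash
    return h(synthetic + HRR + client_hello2)

def server_transcript(client_hello: bytes, cookie):
    """Server view: a cookie is taken to mean 'I sent an HRR on this connection'."""
    if cookie is None:
        return h(client_hello)
    ch1_hash = open_cookie(cookie)
    if ch1_hash is None:
        return None  # invalid cookie: connection rejected
    return retry_transcript(ch1_hash, client_hello)

def honest_retry():
    """Connection A: ClientHello1, HRR with cookie, ClientHello2 echoing it."""
    ch1, ch2 = b"ClientHello#1 conn A", b"ClientHello#2 conn A"
    cookie = make_cookie(ch1)
    client = retry_transcript(h(ch1), ch2)
    return cookie, client == server_transcript(ch2, cookie)

def reused_cookie(cookie: bytes) -> bool:
    """Connection B: the old cookie is sent in the initial ClientHello."""
    ch = b"ClientHello#1 conn B"
    client = h(ch)  # the client saw no HRR on this connection
    return client == server_transcript(ch, cookie)
```

With a valid but reused cookie the two sides hash different transcripts, so the handshake cannot complete; with a cookie that fails the MAC check the server rejects the connection outright.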