On Fri, Dec 8, 2017 at 10:49 AM, Joseph Birr-Pixton <jpix...@gmail.com> wrote:
> Hello, > > Draft 22 says: > > An implementation may receive an unencrypted record of type > change_cipher_spec consisting of the single byte value 0x01 at any > time during the handshake and MUST simply drop it without further > processing. > > That requirement is hard to meet in a library that implements both > TLS1.2 and TLS1.3 -- a CCS prior to ServerHello would have to be both > fatally rejected (TLS1.2) and dropped without further processing > (TLS1.3). > Well, you could read this as overriding the 1.2 requirement, namely, that if you offer 1.3, you must reject it. > Are there any problems with tightening up "at any time during the > handshake"? Or perhaps I should be interpreting the time prior to > ServerHello as not being "during the handshake"? > I think if we think this is the right answer we should say so, and I would be fine with that. There's inconsistency in whether the supported_versions extension is > allowed in HelloRetryRequest. 4.2.1 and B.3.1.1 say no, but 4.1.4, > 4.2 and 9.2 say yes. I'll assume that's an omission and submit a PR. > Correct. Please do. -Ekr > > Cheers, > Joe > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
