➢ That requirement is hard to meet in a library that implements both TLS1.2 and TLS1.3 -- a CCS prior to ServerHello would have to be both fatally rejected (TLS1.2) and dropped without further processing (TLS1.3).

Well OpenSSL managed to do it. I guess I should admit that it could be interpreted as arguing in favor of your point :)

Less flippantly, it’s pretty straightforward: when you get a CCS look at the state and fail or ignore.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
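Added example, not part of the original message and not OpenSSL's code: one way a dual-version client could apply the "look at the state and fail or ignore" rule discussed above. All names are hypothetical, and deferring the TLS 1.2 rejection until ServerHello fixes the version is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; not taken from OpenSSL or any other library. */
enum hs_state { ST_BEFORE_CH, ST_WAIT_SH, ST_TLS12_WAIT_CCS, ST_TLS12_OTHER,
                ST_TLS13_HANDSHAKE, ST_PEER_FINISHED };
enum ccs_action { CCS_IGNORE, CCS_PROCESS, CCS_FATAL };

struct conn {
    enum hs_state state;
    int offered_tls13;   /* ClientHello advertised TLS 1.3 */
    int early_ccs_seen;  /* a CCS was dropped while the version was unknown */
};

/* Decide what to do with a change_cipher_spec record from the current state. */
enum ccs_action on_ccs(struct conn *c, const uint8_t *body, size_t len, int is_protected)
{
    /* The only CCS form TLS 1.3 tolerates: unprotected, single byte 0x01. */
    int compat_form = (len == 1 && body[0] == 0x01 && !is_protected);

    switch (c->state) {
    case ST_TLS12_WAIT_CCS:            /* TLS 1.2: the one place CCS is expected */
        return (len == 1 && body[0] == 0x01) ? CCS_PROCESS : CCS_FATAL;
    case ST_TLS13_HANDSHAKE:           /* TLS 1.3: compatibility CCS is dropped */
        return compat_form ? CCS_IGNORE : CCS_FATAL;
    case ST_WAIT_SH:                   /* version not known yet */
        if (c->offered_tls13 && compat_form) {
            c->early_ccs_seen = 1;     /* assumption: defer the TLS 1.2 verdict */
            return CCS_IGNORE;
        }
        return CCS_FATAL;
    default:                           /* before ClientHello, after Finished, ... */
        return CCS_FATAL;
    }
}

/* Called once ServerHello fixes the version; returns 0 to continue, -1 to abort. */
int on_server_hello(struct conn *c, int negotiated_tls13)
{
    if (!negotiated_tls13 && c->early_ccs_seen)
        return -1;                     /* TLS 1.2 peer sent CCS before ServerHello */
    c->state = negotiated_tls13 ? ST_TLS13_HANDSHAKE : ST_TLS12_OTHER;
    return 0;
}
```
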