Dear David, dear all,
> These printers use the RSA BSAFE library to implement TLS and this
> library implements the extended_random extension and assigns it number
> 40. This collides with the key_share extension and causes 1.3-capable
> handshakes to fail.
>
[..]
>
> (Lastly, we note that in the paper "On the Practical Exploitability of
> Dual EC in TLS Implementations", the authors remarked that they had no
> evidence that a version of BSAFE with extended_random support ever
> shipped. TLS 1.3 appears to have tripped over it.)
>
Wow, thanks for finding this, it was really baffling us.
All the best
Tanja
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
