One note on a new issue in -14: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-14#section-2.1.2
The diagram suggests that it's possible for the EAP-TLS server to separate the "TLS Finished" messages from the "NewSessionTicket" message. There is no guidance as to how this is done. After spending some time going through RFC 8446 and OpenSSL docs / code, it's not clear that this separation can be enforced by the application. Alan DeKok. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
