On Tue, Aug 9, 2022, at 16:36, Ben Smyth wrote:
> On Mon, 8 Aug 2022 at 15:21, Töma Gavrichenkov wrote:
>> "Upon receiving the server's messages, the client responds with its
>> Authentication messages, namely Certificate and CertificateVerify (if
>> requested), and Finished. At this point, the handshake is complete"
>
> I stumbled with this.

That seems clear enough to me. At least from the client's perspective. Presumably the server has to receive the client's Finished to consider the handshake complete.

> OpenJDK reports handshake completion twice.

My first reaction there was "yikes!". But on a second read, that's not so bad. The (sometimes) second signal to the client on receiving NewSessionTicket is a bit weird, but aside from being a bit odd, it's documented, so that's on them.

It's weird, but as long as clients are aware of the strangeness, it seems like the risks are contained. Even when clients aren't, the risk is that the client does something two times, but then the prevalence of NewSessionTicket means that clients are highly likely to encounter the second signal and notice any problems it causes.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls