On Sun, Mar 23, 2025, at 10:20, David Benjamin wrote: > This case is a protocol error and should abort the handshake,
Is it though? It would appear that the probability of this occurring is about 50% after about 4 billion ECH grease handshakes that operate in "don't stick out" mode: https://tlswg.org/draft-ietf-tls-esni/draft-ietf-tls-esni.html#name-do-not-stick-out It's probably OK to abort in that case. The odds are low enough that a failed connection is likely preferable to the alternative, but it's definitely a non-negligible risk. _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
