Hiya,

During the UTA session it occurred to me it might make sense to have a sentence something like:

"Ongoing development of TLS continues so implementers ought not assume that they can depend on specific content of TLS messages. For example, experiments like ECH [1] mean that the ClientHello visible before being processed by a TLS library may not correspond to the actual TLS session details."

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

Reason is I have seen application layer code that peeks into the ClientHello in web servers that I had to modify when integrating with my ECH-supporting OpenSSL fork.

Cheers,
S.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
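
An added example (not part of the original message, and not code from OpenSSL or the ECH fork it mentions): a ClientHello peek that reads the outer SNI and also checks for the encrypted_client_hello extension, so that a routing decision defers to the TLS library when ECH is offered. It assumes the ClientHello fits in one TLS record; the function names, the hostnames and the sample bytes are constructed for illustration.

```python
import struct
EXT_SERVER_NAME = 0x0000
EXT_ECH = 0xFE0D  # encrypted_client_hello codepoint (draft-ietf-tls-esni)
def _take(buf, off, n):
    if off + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off:off + n], off + n
def _vec(buf, off, len_bytes):  # length-prefixed vector
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))
def inspect_client_hello(record):
    """Return (outer_sni, ech_present) for a TLS record holding a ClientHello."""
    hdr, off = _take(record, 0, 5)
    hs, off = _take(record, off, 4)
    if hdr[0] != 0x16 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    _, off = _take(record, off, 2 + 32)   # legacy_version + random
    for width in (1, 2, 1):               # session_id, cipher_suites, compression
        _, off = _vec(record, off, width)
    exts, _ = _vec(record, off, 2)
    sni, ech, pos = None, False, 0
    while pos < len(exts):
        head, pos = _take(exts, pos, 4)
        etype, elen = struct.unpack("!HH", head)
        body, pos = _take(exts, pos, elen)
        if etype == EXT_SERVER_NAME:
            names, _ = _vec(body, 0, 2)
            if names and names[0] == 0:   # name_type host_name
                sni = _vec(names, 1, 2)[0].decode("ascii", "replace")
        elif etype == EXT_ECH:
            ech = True
    return sni, ech

def routing_decision(record):
    sni, ech = inspect_client_hello(record)
    # With ECH offered, the outer SNI may be a public name or GREASE; only the
    # TLS library knows the real session details after processing the hello.
    return "defer-to-tls-library" if ech else (sni or "default")

def build_sample(sni, with_ech):
    """Constructed ClientHello for this example; the ECH body is placeholder bytes."""
    name = sni.encode()
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    exts += struct.pack("!HH", EXT_ECH, 4) + bytes(4) if with_ech else b""
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Code that returns the outer SNI unconditionally would route the ECH sample on "public.example", which need not be the name the session is actually established for.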