Viktor, Despite being a protocol violation, it is accepted by the OpenSSL's server implementation.
But I do see now that this is indeed covered by RFC 5246. Sorry, I have missed that line in the Client Certificate section. On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich <rs...@akamai.com> wrote: > > There is no need for an API for a non-interoperable feature that would > > violate the TLS protocol: > > > > https://tools.ietf.org/html/rfc5246#section-7.4.6 > > Perhaps more usefully, see > http://datatracker.ietf.org/doc/draft-thomson-tls-care/ > > This will almost definitely be part of TLS 1.3. Note that it's > version-neutral, so it will probably show up in other stacks as well. > -- > Principal Security Engineer > Akamai Technologies, Cambridge MA > IM: rs...@jabber.me Twitter: RichSalz > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >