https://bz.apache.org/bugzilla/show_bug.cgi?id=57108
--- Comment #15 from quartz <quartz...@yahoo.com> ---
nio: ok. Sorry.

As for TLS parsing, there can be a whole lot of stuff well beyond 100 bytes in the ClientHello, namely yet unknown extensions. TLS records proto msg length is up to 2^14-1 bytes. Not an issue I guess.

Also, I just read that with a DHE handshake the SNI could come later and encrypted.
https://tools.ietf.org/html/draft-rescorla-tls13-new-flows-01#section-4

So, if they have it their way, it won't be enough to look ahead at the ClientHello in 1.3. But I won't bet on that delayed encrypted SNI; it is paranoiac protection because the DNS lookup just before is pretty much revealing the same info.
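
An added example, not part of the original comment and not Tomcat code: a look-ahead SNI parser that buffers by the record's declared length instead of a fixed 100-byte window, and skips extensions it does not recognise. The function names, the constructed sample ClientHello and the extension type 0xFFAA are assumptions made for illustration, and the ClientHello is assumed to fit in a single TLS record.

```python
import struct

class NeedMoreData(Exception):
    """The buffer ends before the record it announces does."""

def extract_sni(buf):
    """Return the SNI host name of a ClientHello held in one TLS record, else None."""
    if len(buf) < 5:
        raise NeedMoreData("record header incomplete")
    ctype, _version, rec_len = struct.unpack_from("!BHH", buf)
    if ctype != 22:                                   # 22 = handshake
        raise ValueError("not a handshake record")
    if len(buf) < 5 + rec_len:                        # go by the declared length,
        raise NeedMoreData(f"{len(buf)} of {5 + rec_len} bytes")  # not a fixed window
    body = buf[5:5 + rec_len]
    try:
        if body[0] != 1:                              # 1 = client_hello
            raise ValueError("not a ClientHello")
        pos = 4 + 2 + 32                              # hs header, version, random
        pos += 1 + body[pos]                          # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                          # compression_methods
        if pos == len(body):
            return None                               # no extensions at all
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        if end > len(body):
            raise ValueError("extensions overrun the record")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:                         # server_name
                name_type, name_len = struct.unpack_from("!BH", body, pos + 2)
                if name_type == 0 and pos + 5 + name_len <= end:
                    return body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len                            # skip unknown extensions whole
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        raise ValueError("malformed ClientHello") from None

def build_client_hello(host, pad):
    """Constructed sample: an unrecognised extension of `pad` bytes ahead of server_name."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0xFFAA, pad) + bytes(pad) + struct.pack("!HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake
```

With a 300-byte unknown extension in front of server_name, the first 100 bytes of the record raise NeedMoreData, while the full record yields the host name.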