On 01/09/17 18:05, Hubert Kario wrote:
> When openssl sends a second Client Hello message, it modifies it quite
> extensively, not only client_random is changed but also advertised cipher
> suites.
>
> see https://github.com/openssl/openssl/issues/4292
>
> That makes it non-compliant with the current draft (-21):

Yes, I've seen the github issue on this. I will take a look at this at some
point this week.

Matt

>
>    When a client first connects to a server, it is REQUIRED to send the
>    ClientHello as its first message.  The client will also send a
>    ClientHello when the server has responded to its ClientHello with a
>    HelloRetryRequest.  In that case, the client *MUST send the same*
>    *ClientHello* (without modification) except:
>
>    -  If a "key_share" extension was supplied in the HelloRetryRequest,
>       replacing the list of shares with a list containing a single
>       KeyShareEntry from the indicated group.
>
>    -  Removing the "early_data" extension (Section 4.2.9) if one was
>       present.  Early data is not permitted after HelloRetryRequest.
>
>    -  Including a "cookie" extension if one was provided in the
>       HelloRetryRequest.
>
>    -  Updating the "pre_shared_key" extension if present by recomputing
>       the "obfuscated_ticket_age" and binder values and (optionally)
>       removing any PSKs which are incompatible with the server's
>       indicated cipher suite.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
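
The rule quoted in the message above, written as a check over two parsed ClientHello messages. This is an added example, not code from the thread or from OpenSSL; the dict layout, field names and sample values are assumptions constructed for illustration.

```python
# Added example: checks a retried ClientHello against the rule quoted above.
# The dict layout and field names are assumptions of this sketch, not a wire
# parser; extension order is not compared.
FIXED_FIELDS = ("legacy_version", "random", "legacy_session_id",
                "cipher_suites", "legacy_compression_methods")

def psk_ids(ext):
    """Set of PSK identities offered in a pre_shared_key extension (or none)."""
    return {i["identity"] for i in (ext or {}).get("identities", [])}

def hrr_violations(ch1, ch2, hrr):
    """List the fields/extensions of ch2 that differ from ch1 in a way the
    quoted exceptions do not permit."""
    problems = [f for f in FIXED_FIELDS if ch1.get(f) != ch2.get(f)]
    ext1, ext2 = ch1["extensions"], ch2["extensions"]
    for name in sorted(set(ext1) | set(ext2) | ({"cookie"} & set(hrr))):
        old, new = ext1.get(name), ext2.get(name)
        if name == "key_share" and "key_share" in hrr:
            # Replaced by a single KeyShareEntry from the indicated group.
            ok = (isinstance(new, list) and len(new) == 1
                  and new[0]["group"] == hrr["key_share"])
        elif name == "early_data":
            ok = new is None                  # must be removed
        elif name == "cookie":
            ok = new == hrr.get("cookie")     # echoed only if HRR supplied one
        elif name == "pre_shared_key":
            # Ages/binders may be recomputed and PSKs dropped, never added.
            ok = psk_ids(new) <= psk_ids(old)
        else:
            ok = old == new                   # everything else: unmodified
        if not ok:
            problems.append(name)
    return problems

# Constructed sample: the retry changes client_random and the cipher suite list.
CH1 = {"legacy_version": 0x0303, "random": "aa" * 32, "legacy_session_id": "",
       "cipher_suites": [0x1301, 0x1302, 0x1303],
       "legacy_compression_methods": [0],
       "extensions": {"supported_groups": ["x25519", "secp256r1"],
                      "key_share": [{"group": "x25519"}], "early_data": True}}
HRR = {"key_share": "secp256r1", "cookie": "c0ffee"}
GOOD_EXT = {"supported_groups": ["x25519", "secp256r1"],
            "key_share": [{"group": "secp256r1"}], "cookie": "c0ffee"}
CH2_OK = {**CH1, "extensions": GOOD_EXT}
CH2_BAD = {**CH2_OK, "random": "bb" * 32, "cipher_suites": [0x1301]}

if __name__ == "__main__":
    print(hrr_violations(CH1, CH2_BAD, HRR))
```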