On Mon, Feb 26, 2018 at 12:33:20PM +0000, Matt Caswell wrote:
>
>
> On 24/02/18 18:57, Benjamin Kaduk wrote:
> > Hi all,
> >
> > There's a pull request open against the TLS 1.3 spec to include the
> > record header in the AAD for record protection
> > (https://github.com/tlswg/tls13-spec/pull/1158). We're somewhat on
> > the fence about this, with the main advantage seeming to be for DTLS
> > and not plain TLS, but it would probably still be useful to have
> > some sense for how hard it would be to implement. Matt, do you have
> > any thoughts off the top of your head?
>
> I've looked into this. And because I can't put this stuff down I played
> around to see what it would take to implement it:

Thank you!

-Ben

> https://github.com/mattcaswell/openssl/commit/46494d3056fdfb9416b3585c8a5430e53abe0a58
>
> It's quite straightforward really. The above commit still leaves a
> couple of test failures there - but I went far enough to prove the
> concept. The test failures just need a bit more time to solve (one is
> something to do with the way I set up AAD for CCM ciphersuites; and the
> other is that the TLSv1.3 encryption test vectors need updating).
>
> Matt
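
An added illustration of what the thread discusses, not code from the linked commit or from OpenSSL: a TLS 1.3 style record sealed with AES-128-GCM where the 5-byte record header is passed as the AEAD additional data, so a change to the header alone makes decryption fail. It is written in Go for its standard-library AEAD; the function names, the all-zero key and IV, and the unpadded inner plaintext are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// recordNonce XORs the record sequence number into the static write IV.
func recordNonce(iv []byte, seq uint64) []byte {
	nonce := append([]byte(nil), iv...)
	for i := 0; i < 8; i++ {
		nonce[len(nonce)-1-i] ^= byte(seq >> (8 * i))
	}
	return nonce
}

// sealRecord builds header || AEAD(content || type), passing the header as AAD.
func sealRecord(aead cipher.AEAD, iv []byte, seq uint64, content []byte, ctype byte) []byte {
	inner := append(append([]byte(nil), content...), ctype) // no padding
	n := len(inner) + aead.Overhead()
	hdr := []byte{23, 3, 3, byte(n >> 8), byte(n)} // opaque_type, legacy_record_version, length
	return append(hdr, aead.Seal(nil, recordNonce(iv, seq), inner, hdr)...)
}

// openRecord feeds the header exactly as received into the AEAD as AAD and
// returns the inner plaintext (content followed by the content type byte).
func openRecord(aead cipher.AEAD, iv []byte, seq uint64, rec []byte) ([]byte, error) {
	if len(rec) < 5 || int(rec[3])<<8|int(rec[4]) != len(rec)-5 {
		return nil, fmt.Errorf("record length mismatch")
	}
	return aead.Open(nil, recordNonce(iv, seq), rec[5:], rec[:5])
}

// demo reports whether a clean record opens and a header-only change is rejected.
func demo() (cleanOK, tamperRejected bool) {
	key, iv := make([]byte, 16), make([]byte, 12) // constructed all-zero values, demo only
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	rec := sealRecord(aead, iv, 0, []byte("hello"), 23)
	pt, err := openRecord(aead, iv, 0, rec)
	cleanOK = err == nil && string(pt) == "hello\x17"
	rec[1] = 0xfe // alter legacy_record_version only; body and length untouched
	_, err = openRecord(aead, iv, 0, rec)
	return cleanOK, err != nil
}

func main() { fmt.Println(demo()) }
```

With an empty AAD the second `openRecord` call would succeed, because nothing in the header would be covered by the authentication tag.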
