Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-24 Thread Sam Roberts
I appreciate that there are multiple ways of looking at this, but I don't think that looking at the info callback from the point of view of "is it or is it not a handshake record" is pragmatic. The SSL_set_msg_callback could be used by people wanting to see all the underlying records. The way the

[openssl-project] Point compression config

2019-01-24 Thread Matt Caswell
Issue 8067 points out that we have code for enabling the configuration of the ec point formats: https://github.com/openssl/openssl/issues/8067 However, while the code exists, it is not exposed in any public API - so it is effectively dead code. I suppose in 1.0.2 it could have been used by

Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-24 Thread Tim Hudson
On Thu, Jan 24, 2019 at 9:45 PM Matt Caswell wrote: > > This notion of "handshake" is not supported by RFC 8446 uses the terms > "the > > handshake", "a handshake", and "post-handshake". "Post-handshake", in > > particular, implies KeyUpdate are after the handshake, not part of it. > > I just

Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-24 Thread Matt Caswell
On 23/01/2019 18:29, Viktor Dukhovni wrote: > I should also note that there are two > issues in this thread, of which this is the second. The first one is about > the limit on the number of key update messages per connection, and I hope > that we can do something sensible there with less

Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-24 Thread Matt Caswell
On 23/01/2019 17:42, David Benjamin wrote: > On Wed, Jan 23, 2019 at 4:24 AM Matt Caswell > wrote: > > On 22/01/2019 20:41, David Benjamin wrote: > > On Tue, Jan 22, 2019 at 1:48 PM Viktor Dukhovni > mailto:openssl-us...@dukhovni.org> > >