Mike Bishop wrote:
>
> I assume you're referring to Section 3, SNI's ServerNameList MUST NOT
> contain more than one name of a given type?
>
> Or are you referring to the (lower-case) must not resume if SNI and the
> certificate used in the resumed session differ?

My (online) copy of rfc6066 has a (fully reasonable) upper-case MUST NOT.

Last paragraph on page 7, rfc6066 (TLS extension server_name_indication)
https://tools.ietf.org/html/rfc6066#page-7

   A server that implements this extension MUST NOT accept the request
   to resume the session if the server_name extension contains a
   different name.  Instead, it proceeds with a full handshake to
   establish a new session.

-Martin

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
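
An added example, not part of the original message and not taken from any TLS implementation: a Python rendering of the two RFC 6066 rules discussed in this thread, rejecting a ServerNameList that repeats a name_type and refusing resumption when the offered host_name differs from the one in the session. The function names, the sample extension bodies and the handling of a missing extension are assumptions made for illustration.

```python
import struct

HOST_NAME = 0  # NameType host_name, the only type RFC 6066 defines

def parse_server_name_list(ext: bytes) -> dict:
    """Parse server_name extension_data into {name_type: raw name bytes}."""
    if len(ext) < 2:
        raise ValueError("truncated ServerNameList")
    (list_len,) = struct.unpack_from("!H", ext, 0)
    if list_len == 0 or list_len != len(ext) - 2:
        raise ValueError("bad ServerNameList length")
    names, off = {}, 2
    while off < len(ext):
        if off + 3 > len(ext):
            raise ValueError("truncated ServerName entry")
        name_type, name_len = struct.unpack_from("!BH", ext, off)
        off += 3
        if name_len == 0 or off + name_len > len(ext):
            raise ValueError("bad name length")
        if name_type in names:  # Section 3: at most one name per type
            raise ValueError("duplicate name_type in ServerNameList")
        names[name_type] = ext[off:off + name_len]
        off += name_len
    return names

def offered_host_name(ext):
    """Lower-cased host_name from the ClientHello, or None if no extension."""
    if ext is None:
        return None
    raw = parse_server_name_list(ext).get(HOST_NAME)
    # DNS hostnames compare case-insensitively; non-ASCII raises ValueError
    return raw.decode("ascii").lower() if raw is not None else None

def may_resume(session_host_name, hello_ext):
    """Accept resumption only when the offered name equals the session's name
    (stored lower-cased). Assumption: a name missing on one side only also
    counts as different, so the caller falls back to a full handshake."""
    return offered_host_name(hello_ext) == session_host_name

def build_ext(*entries):
    """Helper for the constructed samples: encode (name_type, name) pairs."""
    body = b"".join(struct.pack("!BH", t, len(n)) + n for t, n in entries)
    return struct.pack("!H", len(body)) + body

# Constructed sample ClientHello extension bodies (not captured traffic)
SAME = build_ext((HOST_NAME, b"WWW.Example.com"))
OTHER = build_ext((HOST_NAME, b"admin.example.com"))
DUPLICATE = build_ext((HOST_NAME, b"a.example"), (HOST_NAME, b"b.example"))
```
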
