> On Sep 22, 2016, at 8:18 AM, Andreas Walz <andreas.w...@hs-offenburg.de>
> I see your point here. However, where would you draw the line between "I
> can't" and "I don't want to"? Think of a cipher suites list with 3 bytes in a
> ClientHello. You can still find one cipher suite that could be ok to work
> with. However, how can you trust the first two bytes if you find that third
> byte telling you something's abnormal?
The server tries that first cipher, if mutually supported, and if it
works, it guessed right. If the finished message from the server is
valid, the client's handshake as seen by the server was presumably
exactly what the client sent, so the client gets what it paid for...
Servers don't have to be that forgiving, but it is a plausible approach.
TLS mailing list
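The two server behaviours discussed in this exchange, as an added example that is not part of the original thread: a strict parser that rejects a 3-byte cipher suite list, and a forgiving one that keeps the complete 2-byte entries and tries only the first. The function names, the `DecodeError` class, the supported-suite set and the sample bytes are all constructed for illustration.

```python
import struct

class DecodeError(ValueError):
    """Stands in for aborting the handshake with a decode_error alert."""

def parse_cipher_suites(field, strict=True):
    """Parse the ClientHello cipher_suites field: a 2-byte length prefix,
    then that many bytes of 2-byte cipher suite identifiers.
    Returns (suites, truncated); truncated is True when a dangling
    byte was dropped in forgiving mode."""
    if len(field) < 2:
        raise DecodeError("missing length prefix")
    (declared,) = struct.unpack_from("!H", field, 0)
    body = field[2:]
    if declared != len(body):
        raise DecodeError("length prefix does not match data")
    if declared < 2:
        raise DecodeError("no complete cipher suite present")
    truncated = False
    if declared % 2:
        if strict:
            raise DecodeError("odd-length cipher suite list")
        body, truncated = body[:-1], True  # forgiving: drop the odd byte
    return [s for (s,) in struct.iter_unpack("!H", body)], truncated

def choose_suite(field, supported, strict=True):
    """Pick a suite. After a truncated list the forgiving server only
    tries the first offered suite, as described in the reply above."""
    offered, truncated = parse_cipher_suites(field, strict)
    candidates = offered[:1] if truncated else offered
    return next((s for s in candidates if s in supported), None)

# Constructed sample inputs (not captured traffic).
SUPPORTED = {0xC02F, 0x009C}
WELL_FORMED = bytes.fromhex("0004" "1301" "009c")  # two complete suites
ODD_LIST = bytes.fromhex("0003" "c02f" "00")       # one suite + stray byte

if __name__ == "__main__":
    print(hex(choose_suite(WELL_FORMED, SUPPORTED)))             # strict, valid
    print(hex(choose_suite(ODD_LIST, SUPPORTED, strict=False)))  # forgiving
    try:
        choose_suite(ODD_LIST, SUPPORTED)                        # strict
    except DecodeError as exc:
        print("rejected:", exc)
```

In the forgiving path the server has not verified what the client meant to send; it relies on the Finished exchange, which covers the handshake messages, to expose any in-flight modification of the ClientHello.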