On Thu, Oct 13, 2016 at 03:17:32PM +0900, Kazuho Oku wrote:
> TLDR: the spec. was clear and easy to implement, but some test vectors
> and clarification on what constitutes a Handshake Context would have
> helped.
> FWIW, please let me share my experience of implementing TLS 1.3.
> This month, I have written a TLS 1.3 implementation (named picotls,
> available at https://github.com/h2o/picotls) based on draft 16 from
> scratch.

Tried interop versus my own implementation (with my implementation
as client).

Didn't work... I traced the blowup to client_hello_decode_server_name():

The sent contents of the SNI extension is:

00 0B 00 00 08 "h2o.test"

Which AFAICT is a server name list of 11 bytes, containing entry of
type 0 (host_name), with length 8 and name "h2o.test".

picotls seems to interpret the first byte as the type (happens to
be 0, which is host_name), and then interprets 0B 00 as the
length of the hostname. Which of course blows up as the length
is way too big (over 2kB).

Also, my implementation does not show any alert being received
from the peer (as result of this failure), just connection being
closed (internally, picotls returns -50, which I think is


TLS mailing list

Reply via email to