​David Benjamin <david...@chromium.org> writes: >I probed a bunch of servers yesterday and found evidence of yet another >collision at 26! It's possible these are TLS-LTS implementations, but a lot >of them additionally only support RSA decryption ciphers, which makes this >seem unlikely.
Another reason why it should be unlikely (emphasis on "should") is that the use is in SCADA/embedded, so not anything that should be visible on the public internet. Having said that, someone sent me a link to a Shodan scan earlier today with over a thousand devices that definitely shouldn't be on the Internet, so who knows what's being put online there. >These servers do not appear to do anything with the extension, as far as I >could tell, including even echoing it back, but they send decode_error if >the extension includes a non-empty body. Hmm, that does sounds like -LTS, since it has an empty body... no idea whose implementation that would be though. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls