On 27/02/2019 12:30, Hubert Kario wrote:
> I'm not sure which part for the key_share extension you mean as being empty,
> but the key_exchange in the KeyShareEntry can't be empty, per RFC 8446,
> Section 4.2.8:
>
>       struct {
>           NamedGroup group;
>           opaque key_exchange<1..2^16-1>;
>       } KeyShareEntry;

Ah sorry, you're right - there is one byte in the key_exchange with a
value 0x00 in a greasy KeyShareEntry I just looked at. And a different
browser doing tls1.2 sent 2 greasy extensions, one with no data and
another with a single byte (0x00 again).

I guess my question remains though, as to whether more bytes ought be
sent in these fields sometimes and whether or not they also ought be
random values.

FWIW, I guess it'd make sense to send a range of random length random
values some of the time, but mostly I'm wondering what other folks are
doing/expecting.

Cheers,
S.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
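
The length rule discussed in this message, as an added example that is not part of the original thread or of any implementation mentioned in it: a parser for the ClientHello key_share extension body that rejects an empty key_exchange and flags entries whose group matches the 0x?A?A GREASE code point pattern. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct

def is_grease(value: int) -> bool:
    """GREASE code points have the form 0x?A?A with both bytes equal."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)

def parse_client_key_shares(ext_data: bytes):
    """Parse client_shares<0..2^16-1>, a vector of KeyShareEntry.

    Returns (group, key_exchange, is_grease) tuples; raises ValueError on
    any length violation, including a zero-length key_exchange.
    """
    if len(ext_data) < 2:
        raise ValueError("truncated client_shares length")
    (total,) = struct.unpack_from("!H", ext_data, 0)
    if total != len(ext_data) - 2:
        raise ValueError("client_shares length mismatch")
    entries, off = [], 2
    while off < len(ext_data):
        if len(ext_data) - off < 4:
            raise ValueError("truncated KeyShareEntry header")
        group, klen = struct.unpack_from("!HH", ext_data, off)
        off += 4
        if klen < 1:
            # opaque key_exchange<1..2^16-1>: at least one byte, GREASE or not
            raise ValueError("empty key_exchange")
        if klen > len(ext_data) - off:
            raise ValueError("key_exchange overruns extension")
        entries.append((group, ext_data[off:off + klen], is_grease(group)))
        off += klen
    return entries

def build(entries):
    """Serialise (group, key_exchange) pairs without validation, for test input."""
    body = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in entries)
    return struct.pack("!H", len(body)) + body

# Constructed sample: GREASE entry carrying a single 0x00 byte, then x25519 (0x001d)
SAMPLE = build([(0x0A0A, b"\x00"), (0x001D, bytes(32))])
# Constructed invalid sample: GREASE entry with a zero-length key_exchange
EMPTY = build([(0x1A1A, b"")])

if __name__ == "__main__":
    for group, key, grease in parse_client_key_shares(SAMPLE):
        print(f"group=0x{group:04x} len={len(key)} grease={grease}")
```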