On 27/02/2019 12:30, Hubert Kario wrote:
> I'm not sure which part for the key_share extension you mean as being empty, 
> but the key_exchange in the KeyShareEntry can't be empty, per RFC 8446, 
> Section 4.2.8:
> 
>       struct {
>           NamedGroup group;
>           opaque key_exchange<1..2^16-1>;
>       } KeyShareEntry;

Ah sorry, you're right - there is one byte in the
key_exchange with a value 0x00 in a greasy KeyShareEntry
I just looked at.

And a different browser doing tls1.2 sent 2 greasy
extensions, one with no data and another with a single
byte (0x00 again).

I guess my question remains though, as to whether more
bytes ought be sent in these fields sometimes and whether
or not they also ought be random values.

FWIW, I guess it'd make sense to send a range of random
length random values some of the time, but mostly I'm
wondering what other folks are doing/expecting.

Cheers,
S.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
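
Added example, not part of the original message or of any implementation discussed in the thread: a receiver-side parse of the key_share client_shares vector that enforces the <1..2^16-1> bound quoted above and flags GREASE groups (RFC 8701 code points 0x0A0A through 0xFAFA). The function names and the sample bytes are constructed for illustration.

```python
import struct

def is_grease(value: int) -> bool:
    """RFC 8701 GREASE code points: 0x0A0A, 0x1A1A, ..., 0xFAFA."""
    return (value >> 8) == (value & 0xFF) and (value & 0x0F) == 0x0A

def parse_client_shares(ext_data: bytes):
    """Parse KeyShareClientHello extension_data.

    Returns a list of (group, key_exchange, is_grease) tuples. Raises
    ValueError on truncation, a length mismatch, or an empty key_exchange,
    which the <1..2^16-1> bound in RFC 8446 Section 4.2.8 forbids.
    """
    if len(ext_data) < 2:
        raise ValueError("missing client_shares length")
    (total,) = struct.unpack_from("!H", ext_data, 0)
    if total != len(ext_data) - 2:
        raise ValueError("client_shares length does not match extension size")
    entries, off = [], 2
    while off < len(ext_data):
        if len(ext_data) - off < 4:
            raise ValueError("truncated KeyShareEntry header")
        group, klen = struct.unpack_from("!HH", ext_data, off)
        off += 4
        if klen == 0:
            raise ValueError(f"empty key_exchange for group 0x{group:04x}")
        if klen > len(ext_data) - off:
            raise ValueError("key_exchange overruns extension")
        # GREASE entries pass the same length check whatever bytes they carry.
        entries.append((group, ext_data[off:off + klen], is_grease(group)))
        off += klen
    return entries

# Constructed sample: a GREASE entry (group 0x0a0a, key_exchange = 0x00)
# followed by an x25519 (0x001d) entry with a 32-byte placeholder share.
SAMPLE = bytes.fromhex("0029" "0a0a" "0001" "00" "001d" "0020") + bytes(range(32))

if __name__ == "__main__":
    for group, kex, grease in parse_client_shares(SAMPLE):
        print(f"group=0x{group:04x} len={len(kex)} grease={grease}")
```

A GREASE entry with a longer or random key_exchange parses the same way, since only the group value marks it as GREASE.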
