Dear List, according
https://tools.ietf.org/html/rfc7627#section-5.3 5.3 Client and Server Behavior: Abbreviated Handshake "The client SHOULD NOT offer an abbreviated handshake to resume a session that does not use an extended master secret. Instead, it SHOULD offer a full handshake." ... "If neither the original session nor the new ClientHello uses the extension, the server SHOULD abort the handshake. If it continues with an abbreviated handshake in order to support legacy insecure resumption, the connection is no longer protected by the mechanisms in this document, and the server should follow the guidelines in Section 5.4." If the original session doesn't use an extended master secret: - the client SHOULD offer a full handshake. - the server SHOULD abort If the client follows this guide, it falls-back to use a full handshake. If the client doesn't follow this (maybe, the client is not aware of RFC 7627), the server SHOULD aborts. Why SHOULD the server not (also) just fall-back to use a full handshake? best regards Achim Kraus _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
