On Tue, Nov 02, 2021 at 01:18:22PM +0100, [email protected] wrote:
> my question addresses the negotiation of the "encrypt_then_mac" extension
> proposed in RFC 7366 and, specifically, two possible interpretations of such
> negotiation when using AEAD ciphers.
I think the source of the confusion is that AEAD ciphers are *neither*
encrypt then MAC, nor MAC then encrypt (as two separate operations).
They perform both as a single one-pass operation. The extension in
question simply has no meaning with AEAD, and must not be sent by the
server when an AEAD cipher selected, in which case the client and server
just do AEAD.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls