On Fri, Jun 07, 2024 at 01:04:33PM +0200, Hubert Kario wrote:
> On the other hand the RFC states (section 1.1):
>
> ...
> A client that requests
> session resumption does not in general know whether the server will
> accept this request, and therefore it SHOULD send the same extensions
> as it would send if it were not attempting resumption.
> ...
>
> and
>
> ...
> - If, on the other hand, the older session is resumed, then the
> server MUST ignore the extensions and send a server hello
> containing none of the extension types. In this case, the
> functionality of these extensions negotiated during the original
> session initiation is applied to the resumed session.
> ...

Thanks! I think that makes it pretty clear. Any "conflicting" MFL
extension from the client is to be ignored if session resumption is
accepted, or processed normally if it is declined. Thus a client
can't reliably expect a new value to take effect, but trying should
generally be harmless...

I'll double check the code under review, perhaps my initial impression
was wrong. If it turns out I was not mistaken, then it would I think be
appropriate to relax the current behaviour.

--
Viktor.
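
The server-side rule discussed in this message, as an added C sketch that is not part of the thread and not the code under review. `struct session`, `struct mfl_result` and `server_mfl` are hypothetical names; the length codes and the illegal_parameter behaviour are those of the max_fragment_length extension in RFC 6066 section 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MFL_DEFAULT 16384u /* 2^14: record limit when no MFL was negotiated */
/* Hypothetical state: MFL code agreed in the original handshake, 0 = none. */
struct session { uint8_t mfl_code; };

struct mfl_result {
    unsigned limit; /* fragment limit in force on this connection */
    int echo_ext;   /* 1 if the ServerHello carries max_fragment_length */
    int alert;      /* 1 if the handshake must be aborted (bad MFL value) */
};

/* RFC 6066 section 4 codes: 1 -> 2^9, 2 -> 2^10, 3 -> 2^11, 4 -> 2^12. */
static unsigned mfl_bytes(uint8_t code)
{
    return (code >= 1 && code <= 4) ? (256u << code) : 0;
}

/* ext is the extension_data of the client's max_fragment_length extension
 * (NULL if absent); resumed is the server's decision on the resumption. */
struct mfl_result server_mfl(const struct session *orig, int resumed,
                             const uint8_t *ext, size_t ext_len)
{
    struct mfl_result r = { MFL_DEFAULT, 0, 0 };
    if (resumed) {
        /* Accepted: the client's value is not looked at, nothing is echoed,
         * and the value from the original session stays in force. */
        unsigned v = mfl_bytes(orig->mfl_code);
        if (v) r.limit = v;
        return r;
    }
    /* Declined: full handshake, so the extension is processed normally. */
    if (ext == NULL) return r;
    if (ext_len != 1 || mfl_bytes(ext[0]) == 0) { r.alert = 1; return r; }
    r.limit = mfl_bytes(ext[0]);
    r.echo_ext = 1;
    return r;
}

int main(void)
{
    struct session orig = { 2 };  /* constructed: original session used 2^10 */
    uint8_t ask[] = { 4 };        /* constructed: client now asks for 2^12 */
    printf("resumed:  %u\n", server_mfl(&orig, 1, ask, 1).limit);
    printf("declined: %u\n", server_mfl(&orig, 0, ask, 1).limit);
    return 0;
}
```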