This matches what we do. If we don't receive a suitable psk_key_exchange_modes, we don't send NewSessionTicket.
David On Thu, May 21, 2026, 19:03 Eric Rescorla <[email protected]> wrote: > Hi folks, > > During auth48 I noted the following commit: > > https://github.com/tlswg/tls13-spec/commit/81b7ebb15bfe1ace62067cfd9e513d8c993c6ce5 > which adds the requirement that the server receive psk_key_exchange_modes > before > it can send NST. > > At any time after the server has received **both a > "psk_key_exchange_modes" extension > and** the client Finished message, it MAY send a NewSessionTicket message. > > The previous text was a bit vague on this, saying: > restricts the modes for use with PSK resumption. Servers SHOULD NOT > send NewSessionTicket with tickets that are not compatible with the > advertised modes; however, if a server does so, the impact will just > be that the client's attempts at resumption fail. > > You could read this as you shouldn't send NST unless the client indicated > some modes, and so I think this change is good in theory, but I wanted to > double check that nobody's implementation would somehow be broken > up by this.... > > -Ekr > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
