Yes, we found this a while ago as well, and had to move extensions around.
Cheers,
Andrei
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Wan-Teh Chang
Sent: Thursday, March 24, 2016 12:04 AM
To: Martin Thomson
Cc: tls@ietf.org
Subject: Re: [TLS] Empty extensions
Hubert Kario writes:
>In my experience, many (12%) servers simply ignore the list of curves
>advertised by client and use the P-256 curve always.
>
>Some (58%) check if it was advertised and fallback to non-ECDHE if P-256 is
>not advertised.
When I checked, which is a year or two back now, I fou
Timothy Jackson:
> I’ve noted that many (most?) TLS implementations choose their ECDHE curves
> seemingly without regard to the cipher suite strength. Thus, they'll select
> an AES256 cipher suite (e.g. TLS_ECDHE_ECDSA_WITH_AES256_SHA384), but then
> generate an ECDHE key on the P256 curve. This
Hiya,
Thanks for the speedy response...
Again #3 below is what I care about, the other stuff isn't
a big deal.
On 24/03/16 00:38, Bodo Moeller wrote:
> "Stephen Farrell" :
>
>> (1) Why experimental? Wouldn't this be better as info
>> and documented as "here's a spec for a thing that's
>> widel