Re: [Acme] tls-alpn-01 question

2022-02-04 Thread Aaron Gable
Just to clear up any potential confusion: the ACME Server and the TLS Server are not the same entity when conducting TLS-ALPN-01 Validation. The ACME Server is, during a TLS-ALPN-01 validation, acting as a TLS Client. According to RFC 8737 Section 3, it must, in its `clientHello` message, include

Re: [Acme] tls-alpn-01 question

2022-02-04 Thread Matthew McPherrin
RFC 7301 section 3.1 says:

> the "ProtocolNameList" MUST contain exactly one "ProtocolName"

On Fri, Feb 4, 2022 at 12:49 PM Salz, Rich wrote:

> - Does "with the single protocol name" mean that it should be considered an error if the ACME server offers more than a single supported

Re: [Acme] tls-alpn-01 question

2022-02-04 Thread Salz, Rich
* Does "with the single protocol name" mean that it should be considered an error if the ACME server offers more than a single supported protocol?

Replying with more than one protocol is unspecified behavior. The recipient could proceed, or treat it as an error.

[Acme] tls-alpn-01 question

2022-02-04 Thread Gabriel Sullice
Hello, I have a quick clarifying question regarding RFC 8737 Section 3, step 3, which states: The ACME server MUST provide an ALPN extension with the single protocol name "acme-tls/1" and an SNI extension containing only the domain name bein