Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-03 Thread David Benjamin via openssl-dev
It's just that extension in our experience. Enforcing that servers don't send extensions they aren't supposed to generally works fine and is good for the ecosystem. But that particular extension needs a quirk. I suspect there was some confusion because ec_point_format_list can be server-sent in TL

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-10 Thread David Benjamin via openssl-dev
(Resending from an address which is actually subscribed. Apologies if this causes anyone to receive this twice.)
Here's the patch series which flipped it:
https://boringssl.googlesource.com/boringssl/+/4eb95ccfd64d46fad23f36238690594d02518467
https://boringssl.googlesource.com/boringssl/+/34202b93

Re: [openssl-dev] Future of custom extension API?

2016-11-14 Thread David Benjamin via openssl-dev
On Tue, Nov 15, 2016 at 12:58 AM Bill Cox wrote:
> On Mon, Nov 14, 2016 at 7:00 AM, Salz, Rich wrote:
>
> > What are the chances that the OpenSSL devs would be interested in
> upgrading this API?
>
> Pretty good.
>
> We’re looking at adding a new API for 1.1.1 that is like the one in boring
> --