(Adding Filippo, who wrote the original change.)
I just did some spelunking of the archives, and poking at BoringSSL.
I found that David Benjamin mentions unencrypted data, which seems to
be consistent with what boring implements:
The section on the maximum early data size says this:
"Only Application Data payload is counted."
I don't know how to interpret that. I can see arguments for counting
TLSInnerPlaintext.content or all of TLSInnerPlaintext.
___
TLS mailing list
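The two readings of "Only Application Data payload is counted" raised in the message above, as an added example that is not part of the original thread or of any TLS implementation. The function names and sample records are constructed; a TLSInnerPlaintext is taken to be content, then one content-type octet, then zero padding.

```python
APPLICATION_DATA = 23  # TLS ContentType application_data
HANDSHAKE = 22         # TLS ContentType handshake

def split_inner_plaintext(inner: bytes):
    """Split TLSInnerPlaintext = content || ContentType || zero padding."""
    end = len(inner)
    while end > 0 and inner[end - 1] == 0:
        end -= 1                      # strip trailing zero padding
    if end == 0:
        # All zeros: there is no content-type octet, the record is malformed.
        raise ValueError("no non-zero content type octet found")
    return inner[:end - 1], inner[end - 1], len(inner) - end

def early_data_usage(records):
    """Return (content-only count, whole-TLSInnerPlaintext count)."""
    content_only = whole_inner = 0
    for inner in records:
        content, ctype, _padding = split_inner_plaintext(inner)
        if ctype != APPLICATION_DATA:
            continue                  # non-application-data records are not counted
        content_only += len(content)  # reading 1: TLSInnerPlaintext.content
        whole_inner += len(inner)     # reading 2: content + type octet + padding
    return content_only, whole_inner

def first_over_limit(records, limit, count_whole_inner):
    """Index of the first record that pushes usage past limit, else None."""
    used = 0
    for i, inner in enumerate(records):
        content, ctype, _padding = split_inner_plaintext(inner)
        if ctype != APPLICATION_DATA:
            continue
        used += len(inner) if count_whole_inner else len(content)
        if used > limit:
            return i
    return None

# Constructed sample: a heavily padded record, a small one, a handshake record.
SAMPLE = [
    b"GET / HTTP/1.1\r\n" + bytes([APPLICATION_DATA]) + bytes(100),
    b"\r\n" + bytes([APPLICATION_DATA]),
    bytes([5, 0, 0, 0]) + bytes([HANDSHAKE]),
]

if __name__ == "__main__":
    print(early_data_usage(SAMPLE))              # the two counts side by side
    print(first_over_limit(SAMPLE, 100, False))  # content-only reading
    print(first_over_limit(SAMPLE, 100, True))   # whole-inner-plaintext reading
```

With a limit of 100 bytes, the same three records fit under the content-only reading and exceed the limit on the first record under the other, so a sender and receiver that count differently can disagree about when the limit is hit.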
Hi, Brad
What Martin said. Additionally, I work for a vendor that has to really “lawyer
up” sometimes.
So if RFC 2246 says “MUST implement X” and your code doesn’t implement X, just
don’t claim compliance with RFC 2246. You can still have TLS 1.0 code for BC.
In general, people looking for
If you want to lawyer up on this, I think that the official
interpretation is that those RFCs were obsoleted by RFC 5246 and so if
you support 5246, you can do what it says and not what the older specs
say. I don't think that anyone will fault you if you decide to burn
all traces of DES from your