Re: [TLS] TLS1.3 Ticket Usage Across Versions

2021-11-12 Thread Benjamin Kaduk
On Fri, Nov 12, 2021 at 04:23:12PM -0800, Steven Collison wrote: > Hello, > > While testing a TLS1.3 client implementation, I found an unexpected > behavior. Specific sequence: > 1. Client negotiates TLS1.3 with Server. > 2. Server sends NST with a valid ticket. > 3. Client reconnects to the same

[TLS] TLS1.3 Ticket Usage Across Versions

2021-11-12 Thread Steven Collison
Hello, While testing a TLS1.3 client implementation, I found an unexpected behavior. Specific sequence: 1. Client negotiates TLS1.3 with Server. 2. Server sends NST with a valid ticket. 3. Client reconnects to the same Server. The ClientHello contains both the `session_ticket` and `pre_shared_

Re: [TLS] RFC8447bis

2021-11-12 Thread Eric Rescorla
I am fine with this change. On Thu, Nov 11, 2021 at 11:36 PM John Mattsson wrote: > Hi, > > > > My biggest concern with the "Recommended" column that I raised some year > ago is that most people I meet in other SDOs as well as developers using > TLS tend to believe that "Recommended" means "Reco

Re: [TLS] Up to date overview of TLS implementations?

2021-11-12 Thread Michael Tuexen
> On 12. Nov 2021, at 12:22, John Mattsson > wrote: > > Thanks Achim, > > My interest in DTLS Connection IDs is mainly for non-constrained use cases > such as DTLS/SCTP (DTLS over SCTP) between nodes in the 5G core network. > > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sct

Re: [TLS] Up to date overview of TLS implementations?

2021-11-12 Thread John Mattsson
Thanks Achim, My interest in DTLS Connection IDs is mainly for non-constrained use cases such as DTLS/SCTP (DTLS over SCTP) between nodes in the 5G core network. https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/ The current plan is to mandate use of connection IDs for both D

Re: [TLS] Up to date overview of TLS implementations?

2021-11-12 Thread Achim Kraus
Hi John, for draft-ietf-tls-dtls-connection-id, I have some views ("overview" may be something else). Eclipse/Californium, Release 3.0 (3. November 2021), Java, CoAP + DTLS 1.2, supports/configurable both deprecated variants (old MAC and deprecated extension code-point 53) and RFC9146 variant (n

[TLS] Up to date overview of TLS implementations?

2021-11-12 Thread John Mattsson
Hi, Is there any up to date overview of which TLS libraries support or are working on support for new and upcoming stuff like: RFC 8879 TLS Certificate Compression draft-ietf-tls-dtls-connection-id draft-ietf-tls-ticketrequests draft-ietf-tls-subcerts draft-ietf-tls-dtls13 draft-ietf-tls-esni C