On 14 July 2016 at 03:01, Eric Rescorla <e...@rtfm.com> wrote: > > Obviously, you could add a check that said that if an EC cipher suite was > advertised, then you had to look for key shares even if you picked one, but > it's not a check you otherwise need.
Though you would miss an EC cipher suite that you didn't know about. And as far as the client is concerned, any cipher suite that the server didn't pick is potentially one that it didn't know about. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
