On Fri, Jun 02, 2017 at 03:28:33PM +0200, Toerless Eckert wrote:
> On Fri, Jun 02, 2017 at 08:03:40AM -0400, Ryan Sleevi wrote:
> > > If a web service hoster does not provide any useful demultiplexer then it
> > > can of course not expect not to get blacklisted across services. Is it not
> > > already common practice to assign separate certificates to separate
> > > "web customers"?
> >
> > No. It's typically the opposite.
>
> Thanks.
>
> Btw: does TLS 1.3 mandate server side cert encryption or is this something
> server apps can decide?
It is required. Of server messages, TLS 1.3 only leaves ServerHello unencrypted.
SH contains low-level connection parameters:

- TLS version used
- Server random value
- Record protection / PRF algorithm used
- DH key share (if DH is used).
- PSK identity selected (if PSK is used).

The certificate is sent in the Certificate message, which is always protected
(encrypted).

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
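To make the point above concrete, here is an added example (not part of the thread or any participant's code) that parses a TLS 1.3 ServerHello record and reports exactly the fields a passive observer can read: the legacy version, the server random, the negotiated cipher suite (which fixes the record-protection AEAD and the HKDF hash), the selected version from supported_versions, the key_share entry and the selected PSK identity. A following record with content type application_data stands in for the encrypted flight that carries EncryptedExtensions and the Certificate message; the observer sees only its length. The byte layouts follow RFC 8446; the ServerHello bytes, the 32-byte key share, the random and the ciphertext are constructed filler values, not a real capture.

```python
"""Added example: what a passive observer sees of a TLS 1.3 server's first flight.

Only the ServerHello handshake message is in the clear; the Certificate and the rest
of the server's handshake arrive in records of outer content type application_data.
All sample bytes below are constructed for illustration (not from a real session).
"""
import struct

CONTENT_HANDSHAKE = 0x16
CONTENT_APPLICATION_DATA = 0x17
HS_SERVER_HELLO = 0x02

EXT_PRE_SHARED_KEY = 41
EXT_SUPPORTED_VERSIONS = 43
EXT_KEY_SHARE = 51

GROUP_NAMES = {0x001D: "x25519", 0x0017: "secp256r1"}
SUITE_NAMES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
               0x1303: "TLS_CHACHA20_POLY1305_SHA256"}


def split_records(data):
    """Yield (content_type, fragment) for each TLS record in a byte stream."""
    off = 0
    while off < len(data):
        ctype, _legacy_record_version, length = struct.unpack_from("!BHH", data, off)
        off += 5
        yield ctype, data[off:off + length]
        off += length


def parse_extensions(blob):
    """Decode the ServerHello extensions that expose connection parameters."""
    out = {}
    off = 0
    while off < len(blob):
        ext_type, ext_len = struct.unpack_from("!HH", blob, off)
        body = blob[off + 4:off + 4 + ext_len]
        off += 4 + ext_len
        if ext_type == EXT_SUPPORTED_VERSIONS:      # the real protocol version
            out["selected_version"] = struct.unpack("!H", body)[0]
        elif ext_type == EXT_KEY_SHARE:             # group + server's public share
            group, klen = struct.unpack_from("!HH", body)
            out["key_share"] = (GROUP_NAMES.get(group, hex(group)), body[4:4 + klen])
        elif ext_type == EXT_PRE_SHARED_KEY:        # index into the client's PSK list
            out["selected_psk_identity"] = struct.unpack("!H", body)[0]
    return out


def parse_server_hello(fragment):
    """Return the cleartext fields of a ServerHello carried in a Handshake fragment."""
    if fragment[0] != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + body_len]
    legacy_version, = struct.unpack_from("!H", body, 0)
    random = body[2:34]
    off = 35 + body[34]                              # skip legacy_session_id_echo
    cipher_suite, compression = struct.unpack_from("!HB", body, off)
    off += 3
    ext_len, = struct.unpack_from("!H", body, off)
    fields = {"legacy_version": legacy_version, "random": random,
              "cipher_suite": SUITE_NAMES.get(cipher_suite, hex(cipher_suite)),
              "compression": compression}
    fields.update(parse_extensions(body[off + 2:off + 2 + ext_len]))
    return fields


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_sample_server_hello():
    """Construct a ServerHello record with filler values (not a real capture)."""
    random = bytes(range(32))                        # constructed, not a real nonce
    key = bytes([0xAA] * 32)                         # constructed x25519 public value
    exts = (_ext(EXT_SUPPORTED_VERSIONS, struct.pack("!H", 0x0304))
            + _ext(EXT_KEY_SHARE, struct.pack("!HH", 0x001D, len(key)) + key)
            + _ext(EXT_PRE_SHARED_KEY, struct.pack("!H", 0)))
    body = (struct.pack("!H", 0x0303) + random + b"\x00"
            + struct.pack("!HB", 0x1301, 0) + struct.pack("!H", len(exts)) + exts)
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, 0x0303, len(hs)) + hs


# Constructed stand-in for the encrypted flight (EncryptedExtensions, Certificate,
# CertificateVerify, Finished): opaque ciphertext under application_data.
SAMPLE_ENCRYPTED_RECORD = struct.pack("!BHH", CONTENT_APPLICATION_DATA, 0x0303, 16) + b"\x5a" * 16


def observe_server_flight(stream):
    """Classify each server record as readable ServerHello or opaque ciphertext."""
    seen = []
    for ctype, frag in split_records(stream):
        if ctype == CONTENT_HANDSHAKE and frag and frag[0] == HS_SERVER_HELLO:
            seen.append(("ServerHello", parse_server_hello(frag)))
        elif ctype == CONTENT_APPLICATION_DATA:
            seen.append(("encrypted", len(frag)))
        else:
            seen.append(("other", ctype))
    return seen


if __name__ == "__main__":
    for kind, info in observe_server_flight(build_sample_server_hello() + SAMPLE_ENCRYPTED_RECORD):
        print(kind, info)
```

Running it lists the ServerHello parameters in full and then a single "encrypted" entry with only a byte count, which is all that is visible of the Certificate message on the wire.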