On 07/07/2017 09:25 AM, Andreas Walz wrote:
> Dear all,
>
> today I encountered something that confuses me: different TLS
> implementations do not seem to agree on how to implement truncated
> HMAC. All implementations I tested truncate the HMAC output correctly,
> but they seem to use different MAC keys. When truncated HMAC is
> negotiated:
>
> -> MatrixSSL does not change the length of the MAC key but zeros all
> its bytes beyond index 10,
> -> mbedTLS truncates the MAC key to length 10,
> -> WolfSSL does not touch the MAC key at all.
>
> From RFC 6066 I would infer that the MAC key should not be affected by
> the negotiation of the truncated HMAC extension (as WolfSSL is
> implementing it). Is that correct?

I agree with your reading of RFC 6066 (and RFC 2104).

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
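The three MAC-key treatments discussed in this thread, as an added Python example that is not part of either message and is not code from any of the libraries named: it computes the TLS 1.2 record MAC with HMAC-SHA1, truncated to 10 bytes, under each treatment and checks which pairs of peers would accept each other's records. The key, the record contents and all function names are constructed for illustration, and `keep=10` (how many leading key bytes survive) is an assumption about what "beyond index 10" means.

```python
import hashlib
import hmac
import struct

TRUNCATED_LEN = 10  # RFC 6066 truncated_hmac: keep 80 bits of the HMAC output
SAMPLE_KEY = bytes(range(1, 21))  # constructed 20-byte HMAC-SHA1 MAC key

def key_unchanged(key: bytes) -> bytes:
    """MAC key used exactly as derived."""
    return key

def key_truncated(key: bytes, keep: int = 10) -> bytes:
    """MAC key cut down to its first `keep` bytes."""
    return key[:keep]

def key_zeroed(key: bytes, keep: int = 10) -> bytes:
    """MAC key keeps its length; bytes after the first `keep` become zero."""
    return key[:keep] + bytes(len(key) - keep)

def truncated_record_mac(mac_key: bytes, seq: int, ctype: int,
                         version: int, fragment: bytes) -> bytes:
    """TLS 1.2 record MAC (HMAC-SHA1 here), output truncated per RFC 6066."""
    # MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment
    header = struct.pack("!QBHH", seq, ctype, version, len(fragment))
    full = hmac.new(mac_key, header + fragment, hashlib.sha1).digest()
    return full[:TRUNCATED_LEN]

def compare_key_treatments(mac_key: bytes, keep: int = 10) -> dict:
    """MAC of one constructed application_data record under each treatment."""
    record = (0, 23, 0x0303, b"constructed record payload")
    return {
        "unchanged": truncated_record_mac(key_unchanged(mac_key), *record),
        "truncated": truncated_record_mac(key_truncated(mac_key, keep), *record),
        "zeroed": truncated_record_mac(key_zeroed(mac_key, keep), *record),
    }

def peers_interoperate(sender_mac: bytes, receiver_mac: bytes) -> bool:
    """A receiver accepts the record only if its own MAC matches the sender's."""
    return hmac.compare_digest(sender_mac, receiver_mac)

if __name__ == "__main__":
    for name, mac in compare_key_treatments(SAMPLE_KEY).items():
        print(f"{name:10s} {mac.hex()}")
```

With `keep=10` the zeroed and truncated keys give the same MAC, because HMAC (RFC 2104) zero-pads any key shorter than the hash block size. Both differ from the MAC under the unchanged key, so a peer using either of them rejects records from a peer that leaves the key untouched.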