On 28/12/17 18:06, Eric Rescorla wrote:
> I must be missing your point. According to the spec as it stands even
> with a stateful server I MUST ignore a CCS that comes first. Since this
> is a stateful server it may end up negotiating TLSv1.2 - which requires
> us to abort the handshake if the CCS comes first. No sensible
> implementation will ever send a CCS first in this scenario, so why am I
> required by the spec to ignore it and implement the extra complexity in
> TLSv1.2 handling?
>
> In reality I wouldn't bother to implement this which would make me
> technically non-compliant. I would prefer it if the wording were fixed
> to not require this.
>
>
> OK, I understand your point now, I think it's fine to reject this case
> as long as
> you properly handle things in the stateless case. If you want to submit
> a PR,
> I will take a look.

https://github.com/tlswg/tls13-spec/pull/1129

Matt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls