On 08/08/18 15:06, Eric Rescorla wrote: > The spec is actually extremely clear on this point > https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.1.3 > <https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.1.3> > > TLS 1.3 clients receiving a ServerHello indicating TLS 1.2 or below > MUST check that the last 8 bytes are not equal to either of these > values. TLS 1.2 clients SHOULD also check that the last 8 bytes are > not equal to the second value if the ServerHello indicates TLS 1.1 or > below. If a match is found, the client MUST abort the handshake with > an "illegal_parameter" alert.
In this case the client is acting as a TLS 1.2 client so I don't think that this paragraph applies. Matt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls