I don't understand this text. In this context, supported_groups is not optional.
The client includes the "tls_cert_with_extern_psk" extension in the ClientHello message. The "tls_cert_with_extern_psk" extension MUST be accompanied by the "key_share", "psk_key_exchange_modes", and "pre_shared_key" extensions. The client MAY also find it useful to include the "supported_groups" extension. Since the But if you send "key_share" you need to send "supported_groups" because TLS 1.3 requires that the group be selected out of "supported_groups". -Ekr On Tue, Sep 2, 2025 at 12:07 PM Russ Housley <[email protected]> wrote: > Mike: > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Section 4: "MAY also find it useful" means that the client is permitted, > but > > not required, to find the extension useful. Is that the intended sense? > I'd > > suggest that this is a lowercase "may" or better yet "might". > > Suggestion: > > The client MAY also include the "supported_groups" extension. > > Russ > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
