Client CA list sending is also in TLS < 1.3 (RFC6066)

Hi,

The ability of a TLS client to optionally send a list of trusted
CAs to the TLS server is not new in TLS 1.3.

In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
defined in RFC6066 Chapter 6.

So I would suggest that any OpenSSL API to control that feature in
TLS 1.3 also affects the matching TLS < 1.3 functionality, and is
separated from the APIs that control the TLS server sending a list
of client certificate CAs to clients.

This aspect was somehow missed in a recent discussion of this TLS 1.3
behavior (which I cannot find right now).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
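
The two wire formats the message above refers to, decoded side by side; this is an added example, not part of the original post and not OpenSSL code. The TLS 1.3 extension name and number (certificate_authorities, 47, RFC 8446 section 4.2.4) are not given in the post, and the function names and sample DistinguishedName are constructed for illustration.

```python
# Extension numbers: trusted_ca_keys is RFC 6066 section 6 (TLS <= 1.2),
# certificate_authorities is RFC 8446 section 4.2.4 (TLS 1.3).
EXT_TRUSTED_CA_KEYS, EXT_CERTIFICATE_AUTHORITIES = 3, 47
ID_TYPES = {0: "pre_agreed", 1: "key_sha1_hash", 2: "x509_name", 3: "cert_sha1_hash"}

def _take(buf, off, n):
    """Return (n bytes at off, new offset); reject truncated input."""
    if off + n > len(buf):
        raise ValueError("truncated extension body")
    return buf[off:off + n], off + n

def _vec16(buf, off):
    """Read a vector carrying a 2-byte big-endian length prefix."""
    raw, off = _take(buf, off, 2)
    return _take(buf, off, int.from_bytes(raw, "big"))

def _outer_list(body):
    lst, end = _vec16(body, 0)
    if end != len(body):
        raise ValueError("trailing bytes after list")
    return lst

def parse_trusted_ca_keys(body):
    """TLS <= 1.2 body -> list of (identifier type name, value bytes)."""
    lst, out, off = _outer_list(body), [], 0
    while off < len(lst):
        t, off = _take(lst, off, 1)
        name = ID_TYPES.get(t[0])
        if name is None:      # length of an unknown type is not recoverable
            raise ValueError("unknown IdentifierType %d" % t[0])
        if name == "pre_agreed":
            val = b""
        elif name == "x509_name":
            val, off = _vec16(lst, off)     # DER DistinguishedName
        else:
            val, off = _take(lst, off, 20)  # SHA-1 of key or certificate
        out.append((name, val))
    return out

def parse_certificate_authorities(body):
    """TLS 1.3 body -> list of DER DistinguishedName byte strings."""
    lst, out, off = _outer_list(body), [], 0
    while off < len(lst):
        dn, off = _vec16(lst, off)
        out.append(dn)
    return out

# Constructed sample: DER for the DistinguishedName "CN=Example CA".
SAMPLE_DN = bytes.fromhex("3015311330110603550403") + b"\x0c\x0aExample CA"
```

The TLS <= 1.2 form can identify a CA by key hash, certificate hash or name, while the TLS 1.3 form carries names only, so an API covering both has to account for that difference.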
