> On Nov 26, 2018, at 11:33 AM, Jakob Bohm via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
>
> In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
> defined in RFC6066 Chapter 6.
>
> So I would suggest that any OpenSSL API to control that feature in
> TLS 1.3 also affects the matching TLS < 1.3 functionality, and is
> separated from the APIs that control the TLS server sending a list
> of client certificate CAs to clients.
>
> This aspect was somehow missed in a recent discussion of this TLS 1.3
> behavior (which I cannot find right now).

Thanks for the update. I guess OpenSSL never implemented RFC6066. I am
not sure that supporting this in TLS 1.2 is worth adding, but you have a
valid point of principle. If it were added, it should use the same API
that supports the equivalent feature in TLS 1.3 in OpenSSL 1.1.1a.

--
Viktor.