Re: How do I turn off EC point formats from showing up in TLS 1.3 client hello?

On 15/11/2019 22:03, Phil Neumiller wrote:
> 
> TLS 1.3 doesn't use EC point formats right?  I don't know why they are in my
> TLS 1.3 client hello.

No, it's not used in TLSv1.3 but is used in TLSv1.2 or below. A
ClientHello is sent before version negotiation takes place so you don't
know what version will eventually be selected. Therefore, if EC is
enabled, this extension is always added regardless.

A possible improvement would be for OpenSSL to detect whether TLSv1.3 is
the only enabled protocol version on the client and disable it in those
circumstances. But it doesn't currently check this.

Currently the only way to disable this extension is to disable EC.
However that means (assuming you are using 1.1.1 instead of master) that
TLSv1.3 will not work since EC is required for the 1.1.1 TLSv1.3
support. In master that isn't the case so I guess it might be possible
there but I've not tried it.

Matt
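An added example (not code from the thread or from OpenSSL) for checking the point Matt makes above without Wireshark: it drives a client handshake from Python's ssl module over memory BIOs, so the linked OpenSSL writes its first flight into a buffer with no network traffic, then parses that ClientHello and lists the extension types, looking for ec_point_formats (extension type 11). It assumes the parser follows the ClientHello wire layout from RFC 8446 section 4.1.2, that "example.com" is only a placeholder SNI for the hostname check (nothing is contacted), and it also builds a constructed ClientHello as a deterministic input; whether the live capture carries ec_point_formats depends on the OpenSSL build your interpreter is linked against, which is exactly what the script reports.

```python
"""Capture a ClientHello from the local OpenSSL via Python's ssl module
and list its extensions, to see whether ec_point_formats (type 11) is sent."""
import ssl
import struct

EC_POINT_FORMATS = 11
EXT_NAMES = {
    0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
    13: "signature_algorithms", 43: "supported_versions", 51: "key_share",
}


def capture_client_hello(min_version=ssl.TLSVersion.TLSv1_3):
    """Run a client handshake over memory BIOs (no socket) and return the raw
    first flight, i.e. the ClientHello record the linked OpenSSL emits."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = min_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.com" is a placeholder SNI (assumption); no host is contacted.
    sslobj = ctx.wrap_bio(incoming, outgoing, server_hostname="example.com")
    try:
        sslobj.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is now in `outgoing`; no ServerHello is ever supplied
    return outgoing.read()


def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello (RFC 8446 section 4.1.2).
    Returns the legacy version, cipher suite list and (type, data) extensions."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    (legacy_version,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    pos += 32                      # random
    pos += 1 + body[pos]           # legacy_session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]           # legacy_compression_methods
    extensions = []
    if pos < len(body):
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            extensions.append((etype, body[pos:pos + elen]))
            pos += elen
    return {"legacy_version": legacy_version, "cipher_suites": suites,
            "extensions": extensions}


def sends_ec_point_formats(record):
    """True if the ClientHello in `record` carries the ec_point_formats extension."""
    return any(t == EC_POINT_FORMATS
               for t, _ in parse_client_hello(record)["extensions"])


def build_sample_client_hello():
    """A constructed TLS 1.3-style ClientHello (not captured from any real
    client) that carries ec_point_formats; used as a deterministic input."""
    exts = b"".join([
        b"\x00\x2b\x00\x03\x02\x03\x04",       # supported_versions: [TLS 1.3]
        b"\x00\x0b\x00\x02\x01\x00",           # ec_point_formats: [uncompressed]
        b"\x00\x0a\x00\x04\x00\x02\x00\x1d",   # supported_groups: [x25519]
    ])
    body = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"      # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                             # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for label, rec in (("constructed sample", build_sample_client_hello()),
                       ("local OpenSSL, TLS 1.3 only", capture_client_hello())):
        info = parse_client_hello(rec)
        names = [EXT_NAMES.get(t, str(t)) for t, _ in info["extensions"]]
        print(f"{label}: extensions={names}")
        print(f"  ec_point_formats present: {sends_ec_point_formats(rec)}")
```

Running it with a 1.1.1 build should show ec_point_formats in the live capture even though the context is restricted to TLSv1.3, which is the behaviour described above; pass `ssl.TLSVersion.TLSv1_2` to `capture_client_hello` to compare against a client that can still negotiate TLSv1.2.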
