<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/28/2016 03:27 AM, Matt Caswell wrote:<br>
<blockquote
cite="mid:33fbf11e-a3be-1b66-7699-48d4be8a3847@openssl.org"
type="cite">
<pre wrap="">
The current behaviour is not *wrong* either for TLS or DTLS, but the
discrepancy is quite weird and confusing. Should we:
1) Change TLS to behave like it used to, and like DTLS still does
2) Change DTLS to be consistent with the TLS behaviour
3) Keep it as it is and retain the current inconsistency
And if we change things, should we just change it in the current dev
branch - or backport it as a bug fix?
Thoughts?
</pre>
</blockquote>
<br>
I don't think any change should be backported --it's potentially
disruptive, and if the behavior (change) has gone unnoticed for so
long, it hardly seems urgent to normalize between DTLS and TLS.<br>
<br>
It seems like the abbreviated handshake would save some
computational resources; on the flip side, it would not have the
opportunity for a fresh DH exchange to stir the key material. If
anything, that would almost suggest a<br>
<br>
(4) change DTLS to default to abbreviated handshakes and change TLS
to default to normal handshakes<br>
<br>
since the DTLS server could be sending a HelloRequest because it had
to dump state, but the TLS/TCP connection is persistent and the
potential need for key update greater there.<br>
<br>
That said, I do prefer consistency between DTLS and TLS, so would
lean towards option (2), myself, for the resource savings.<br>
<br>
-Ben<br>
</body>
</html>