[openssl-dev] Minor bug in custom TLS extensions

Bill Cox waywardgeek at google.com
Fri Aug 28 00:21:34 UTC 2015


On Thu, Aug 27, 2015 at 5:00 PM, Emilia Käsper <emilia at openssl.org> wrote:

> A client should (SHOULD) always repeat extensions on resumption though, as
> it can't know whether the resumption will be accepted.
>
> Do you have a specific example where you need to save custom extension
> state? We can think about extending the API, even though I imagine that
> anything that does need to keep state will be too complex and hairy to be
> handled by the generic extension mechanism.
>
> Cheers,
> Emilia
>
>
Yes, I need it for the Token Binding Negotiation
<https://tools.ietf.org/html/draft-popov-tokbind-negotiation-00>
extension.  We negotiate acceptable Token Binding key parameters in this
TLS extension.  On resumption, the negotiation fails because the server
does not include the custom extension in its server hello.  At this point,
the client loses the ability to use channel bound tokens.

Thanks,
Bill
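The failure mode described in this message, modelled end to end as an added example (not OpenSSL code and not the draft's reference implementation): a client that repeats the Token Binding extension on every ClientHello, a server that echoes the selected key parameter only on a full handshake and omits the extension on resumption, and two client policies for the resumed connection. The wire encoding (a one-byte length prefix over a list of one-byte key-parameter identifiers), the identifier values, the placeholder extension type number and the "first client preference the server supports" selection rule are simplifications and assumptions, not a verified rendering of draft-popov-tokbind-negotiation-00.

```python
import secrets

# Assumed/placeholder values: extension type number and key-parameter ids.
TB_EXT_TYPE = 24
RSA2048_PKCS15, RSA2048_PSS, ECDSAP256 = 0, 1, 2


def encode_key_params(params):
    """Assumed encoding: 1-byte length, then one byte per key-parameter id."""
    if not 1 <= len(params) <= 255:
        raise ValueError("key-parameter list must hold 1..255 entries")
    return bytes([len(params)]) + bytes(params)


def decode_key_params(data):
    """Inverse of encode_key_params; rejects a length byte that disagrees with the body."""
    if len(data) < 2 or data[0] != len(data) - 1:
        raise ValueError("malformed TokenBindingKeyParameters")
    return list(data[1:])


class Server:
    """Server side of the negotiation. Keeps the chosen parameter per session."""

    def __init__(self, supported):
        self.supported = supported
        self.sessions = {}  # session_id -> chosen key parameter (or None)

    def handle_client_hello(self, session_id, client_exts):
        # Resumption: abbreviated handshake, the custom extension is NOT echoed
        # back in the ServerHello (the behaviour reported in the message above).
        if session_id in self.sessions:
            return session_id, {}, True

        # Full handshake: pick the first client preference we support (assumption).
        chosen = None
        if TB_EXT_TYPE in client_exts:
            for p in decode_key_params(client_exts[TB_EXT_TYPE]):
                if p in self.supported:
                    chosen = p
                    break
        new_id = secrets.token_bytes(4)
        self.sessions[new_id] = chosen
        server_exts = {}
        if chosen is not None:
            server_exts[TB_EXT_TYPE] = encode_key_params([chosen])
        return new_id, server_exts, False


class Client:
    """Client side. keep_state=True restores the negotiated parameter from the
    cached session when the resumed ServerHello carries no extension."""

    def __init__(self, preferred, keep_state):
        self.preferred = preferred
        self.keep_state = keep_state
        self.session = None  # (session_id, negotiated param) from the last full handshake

    def handshake(self, server):
        # Always repeat the extension, also when offering resumption: the client
        # cannot know in advance whether the server will accept the session.
        offered_id = self.session[0] if self.session else b""
        client_exts = {TB_EXT_TYPE: encode_key_params(self.preferred)}
        sid, server_exts, resumed = server.handle_client_hello(offered_id, client_exts)

        if TB_EXT_TYPE in server_exts:
            chosen = decode_key_params(server_exts[TB_EXT_TYPE])
            if len(chosen) != 1 or chosen[0] not in self.preferred:
                raise ValueError("server selected a parameter we did not offer")
            param = chosen[0]
        elif resumed and self.keep_state and self.session and sid == self.session[0]:
            param = self.session[1]  # recovered from the session, not from the wire
        else:
            param = None  # negotiation lost: no channel-bound tokens on this connection

        if not resumed:
            self.session = (sid, param)
        return param


def negotiate_twice(keep_state):
    """Full handshake followed by a resumption; returns the parameter in use each time."""
    server = Server(supported=[ECDSAP256, RSA2048_PSS])
    client = Client(preferred=[ECDSAP256, RSA2048_PKCS15], keep_state=keep_state)
    return client.handshake(server), client.handshake(server)


if __name__ == "__main__":
    print("naive client:     ", negotiate_twice(keep_state=False))
    print("session-aware one:", negotiate_twice(keep_state=True))
```

With `keep_state=False` the second (resumed) connection ends up with no Token Binding parameter, because the only place the client looked for it was the ServerHello. With `keep_state=True` the parameter is tied to the session the server actually resumed (the returned session id must match the cached one), which is the state an extension callback would need to persist alongside the session for this to work through a generic custom-extension API.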