[openssl-dev] [openssl.org #4065] Re: Client Hello longer than 2^14 bytes are rejected

Kurt Roeckx via RT rt at openssl.org
Fri Sep 25 19:19:12 UTC 2015


On Fri, Sep 25, 2015 at 04:23:27PM +0000, Hubert Kario via RT wrote:
> 
> Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange ends 
> up as an extension, possibly multiple ones), and that quantum computing 
> resistant algorithms usually require fairly large key sizes (large 
> enough that protocol limitations themselves are problematic), we may see 
> Client Hellos larger than 16k in not so far future.

Since we don't actually know how things are going to change in the
future and that they can change the maximum size of a Client
Hello, it makes sense to me to not enforce a limit for the Client
Hello message just because that's what the current version only
supports.  For all other messages we should be able to tell what
the maximum size is.


Kurt
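The distinction in the reply is between two different limits: the record layer caps each fragment at 2^14 bytes, but a handshake message carries its own 24-bit length and may span several records. The following is an added example, written for this page and not code from the thread or from OpenSSL. It builds a TLS 1.2 ClientHello padded past one record with a single large extension (type 0xfffe is an unassigned value chosen only for padding), fragments it into records, and reassembles it under a hypothetical per-message-type policy: ClientHello gets no cap beyond its length field, while the caps for other types (and the fallback) are illustrative values, not OpenSSL's.

```python
import struct

# TLS record-layer and handshake-layer framing constants (RFC 5246).
RECORD_MAX_FRAGMENT = 2 ** 14        # max TLSPlaintext.fragment length per record
CONTENT_TYPE_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_FINISHED = 20

# Hypothetical per-message-type policy in the spirit of the reply above:
# no cap for ClientHello (its 24-bit length field is the only bound),
# explicit caps elsewhere. The numbers are illustrative, not OpenSSL's.
DEFAULT_POLICY = {
    HS_CLIENT_HELLO: None,   # None = accept anything the length field can express
    HS_FINISHED: 64,         # verify_data is at most a few dozen bytes
}
DEFAULT_CAP = 2 ** 14        # fallback cap for message types not listed


def build_client_hello(big_ext_len):
    """Build a minimal TLS 1.2 ClientHello carrying one large extension.

    Extension type 0xfffe is an unassigned value used purely to pad the
    message past one record; every other field is the bare minimum.
    """
    body = b"\x03\x03" + bytes(32)             # client_version, random (constructed: all zero)
    body += b"\x00"                            # session_id: empty
    body += b"\x00\x02\x00\x2f"                # cipher_suites: one entry (TLS_RSA_WITH_AES_128_CBC_SHA)
    body += b"\x01\x00"                        # compression_methods: null only
    ext = struct.pack(">HH", 0xFFFE, big_ext_len) + bytes(big_ext_len)
    body += struct.pack(">H", len(ext)) + ext  # extensions vector (16-bit length)
    return bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body


def fragment_into_records(handshake_bytes, version=b"\x03\x03"):
    """Split a handshake message into TLS records of at most 2^14 bytes each."""
    records = []
    for off in range(0, len(handshake_bytes), RECORD_MAX_FRAGMENT):
        frag = handshake_bytes[off:off + RECORD_MAX_FRAGMENT]
        header = bytes([CONTENT_TYPE_HANDSHAKE]) + version + struct.pack(">H", len(frag))
        records.append(header + frag)
    return records


class HandshakeReassembler:
    """Reassemble handshake messages from records, applying per-type size caps."""

    def __init__(self, policy=DEFAULT_POLICY, default_cap=DEFAULT_CAP):
        self.policy = policy
        self.default_cap = default_cap
        self.buf = b""
        self.messages = []   # list of (msg_type, body)

    def feed_record(self, record):
        ctype, _version, length = struct.unpack(">BHH", record[:5])
        if ctype != CONTENT_TYPE_HANDSHAKE:
            raise ValueError("not a handshake record")
        if length > RECORD_MAX_FRAGMENT:
            raise ValueError("record fragment exceeds 2^14 bytes")  # record-layer limit, always enforced
        if len(record) != 5 + length:
            raise ValueError("truncated record")
        self.buf += record[5:]
        self._drain()

    def _drain(self):
        while len(self.buf) >= 4:
            msg_type = self.buf[0]
            msg_len = int.from_bytes(self.buf[1:4], "big")
            cap = self.policy.get(msg_type, self.default_cap)
            if cap is not None and msg_len > cap:
                raise ValueError(f"handshake type {msg_type} length {msg_len} exceeds cap {cap}")
            if len(self.buf) < 4 + msg_len:
                return                          # wait for more records
            self.messages.append((msg_type, self.buf[4:4 + msg_len]))
            self.buf = self.buf[4 + msg_len:]


def reassemble_client_hello(big_ext_len):
    """Round trip: build, fragment, reassemble; returns (record_count, msg_type, body_len)."""
    hs = build_client_hello(big_ext_len)
    records = fragment_into_records(hs)
    r = HandshakeReassembler()
    for rec in records:
        r.feed_record(rec)
    assert len(r.messages) == 1
    msg_type, body = r.messages[0]
    return len(records), msg_type, len(body)


def oversized_finished_rejected():
    """A Finished message padded past its cap is refused even though it fits in one record."""
    hs = bytes([HS_FINISHED]) + (200).to_bytes(3, "big") + bytes(200)
    r = HandshakeReassembler()
    try:
        r.feed_record(fragment_into_records(hs)[0])
    except ValueError:
        return True
    return False
```

With a 20000-byte extension the ClientHello is 20051 bytes on the wire, so it arrives as two records and is only complete after the second; a receiver that compares the per-record 2^14 limit against the handshake length, rather than the fragment length, refuses it at the first record. One caveat a practitioner should keep in mind: in TLS 1.2 the extensions vector has a 16-bit length, so a ClientHello tops out at a little over 64 KiB regardless of what the implementation enforces, which is exactly the kind of protocol-level limitation the quoted message is worried about.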