[openssl-dev] [openssl.org #4063] Re: [openssl.org #4065] Re: Client Hello longer than 2^14 bytes are rejected

Hubert Kario via RT rt at openssl.org
Tue Sep 29 10:06:20 UTC 2015


On Friday 25 September 2015 19:19:12 Kurt Roeckx via RT wrote:
> On Fri, Sep 25, 2015 at 04:23:27PM +0000, Hubert Kario via RT wrote:
> > Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange
> > ends up as an extension, possibly multiple ones), and that quantum
> > computing resistant algorithms usually require fairly large key
> > sizes (large enough that protocol limitations themselves are
> > problematic), we may see Client Hellos larger than 16k in the not so
> > far future.
> 
> Since we don't actually know how things are going to change in the
> future and that they can change the maximum size of a Client
> Hello, it makes sense to me to not enforce a limit for the Client
> Hello message just because that's what the current version only
> supports.  For all other messages we should be able to tell what
> the maximum size is.

It was already raised on the IETF mailing list and nobody disagreed that
any future Client Hello messages need to be compatible with previous
protocol versions.

And that was in context of TLS 1.3 and quantum resistant crypto.

Finally, there are implementations that do follow the specification to 
the letter - e.g. Mozilla NSS.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
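As an added illustration of the mechanism this thread is about (example code written for this page, not code from the thread or from OpenSSL): a TLS record carries at most 2^14 bytes of plaintext, but a handshake message has a 24-bit length and may span several records, so a Client Hello larger than 16k is legal on the wire and whether to cap it is a policy choice made by the receiver. The `limits` table below is an assumed per-type policy, not OpenSSL's; the check is placed so an oversized message is refused as soon as its header is seen, before any further fragments are buffered.

```python
import struct

# RFC 5246 section 6.2.1: a single TLS record carries at most 2^14 bytes of
# plaintext, but a handshake message (24-bit length field) may span records.
MAX_RECORD_PLAINTEXT = 2 ** 14
HANDSHAKE = 0x16            # TLS record content type for handshake data
CLIENT_HELLO = 1            # handshake message type


def fragment_handshake(msg_type, body, max_frag=MAX_RECORD_PLAINTEXT):
    """Wrap one handshake message in as many TLS-versioned records as needed."""
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    records = []
    for off in range(0, len(msg), max_frag):
        frag = msg[off:off + max_frag]
        records.append(bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(frag)) + frag)
    return records


def reassemble_handshake(records, limits):
    """Reassemble handshake messages from records, enforcing per-type size caps.

    `limits` maps handshake type -> max body length (assumed policy table; a
    type with no entry, or a None entry, is uncapped). The cap is checked as
    soon as the 4-byte handshake header is complete, before more is buffered.
    Returns (list of (type, body), leftover bytes still awaiting data).
    """
    buf = b""
    for rec in records:
        if rec[0] != HANDSHAKE:
            raise ValueError("not a handshake record")
        length = struct.unpack("!H", rec[3:5])[0]
        if length > MAX_RECORD_PLAINTEXT:
            raise ValueError("record exceeds 2^14 bytes")
        payload = rec[5:5 + length]
        if len(payload) != length:
            raise ValueError("truncated record")
        buf += payload
    messages = []
    while len(buf) >= 4:
        mtype, mlen = buf[0], int.from_bytes(buf[1:4], "big")
        cap = limits.get(mtype)
        if cap is not None and mlen > cap:
            raise ValueError(f"handshake type {mtype}: {mlen} bytes exceeds cap {cap}")
        if len(buf) < 4 + mlen:
            break                       # rest of the message is in later records
        messages.append((mtype, buf[4:4 + mlen]))
        buf = buf[4 + mlen:]
    return messages, buf
```

With a constructed 20000-byte Client Hello body the message needs two records; an empty `limits` table accepts it, while a table capping type 1 at 2^14 rejects it on the first record.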