[openssl-project] Potentially adding TLS record header to TLS 1.3 AAD

Matt Caswell matt at openssl.org
Mon Feb 26 12:33:20 UTC 2018

On 24/02/18 18:57, Benjamin Kaduk wrote:
> Hi all,
> There's a pull request open against the TLS 1.3 spec to include the
> record header in the AAD for record protection
> (https://github.com/tlswg/tls13-spec/pull/1158).  We're somewhat on
> the fence about this, with the main advantage seeming to be for DTLS
> and not plain TLS, but it would probably still be useful to have
> some sense for how hard it would be to implement.  Matt, do you have
> any thoughts off the top of your head?

I've looked into this. And because I can't put this stuff down I played
around to see what it would take to implement it:


It's quite straight forward really. The above commit still leaves a
couple of test failures there - but I went far enough to prove the
concept. The test failures just need a bit more time to solve (one is
something to do with the way I set up AAD for CCM ciphersuites; and the
other is that the TLSv1.3 encryption test vectors need updating).


More information about the openssl-project mailing list