[openssl-project] Potentially adding TLS record header to TLS 1.3 AAD

Benjamin Kaduk kaduk at mit.edu
Mon Feb 26 21:28:16 UTC 2018

On Mon, Feb 26, 2018 at 12:33:20PM +0000, Matt Caswell wrote:
> On 24/02/18 18:57, Benjamin Kaduk wrote:
> > Hi all,
> > 
> > There's a pull request open against the TLS 1.3 spec to include the
> > record header in the AAD for record protection
> > (https://github.com/tlswg/tls13-spec/pull/1158).  We're somewhat on
> > the fence about this, with the main advantage seeming to be for DTLS
> > and not plain TLS, but it would probably still be useful to have
> > some sense for how hard it would be to implement.  Matt, do you have
> > any thoughts off the top of your head?
> I've looked into this. And because I can't put this stuff down I played
> around to see what it would take to implement it:

Thank you!


> https://github.com/mattcaswell/openssl/commit/46494d3056fdfb9416b3585c8a5430e53abe0a58
> It's quite straight forward really. The above commit still leaves a
> couple of test failures there - but I went far enough to prove the
> concept. The test failures just need a bit more time to solve (one is
> something to do with the way I set up AAD for CCM ciphersuites; and the
> other is that the TLSv1.3 encryption test vectors need updating).
> Matt

More information about the openssl-project mailing list