[openssl-project] [TLS] Yet more TLS 1.3 deployment updates

David Benjamin davidben at google.com
Tue Jan 22 21:29:51 UTC 2019


On Tue, Jan 22, 2019 at 2:49 PM Kurt Roeckx <kurt at roeckx.be> wrote:

> On Tue, Jan 22, 2019 at 02:48:26PM -0500, Viktor Dukhovni wrote:
> > As for applications mishandling "SSL_CB_HANDSHAKE_START", not quite sure
> > what to do there, but perhaps we could define a new even for keyUpdates
> > that does not mislead applications into assuming a new "handshake".
>
> I think calling anything a handshake that is not a handshake
> should either be removed or renamed. KeyUpdate is not a handshake.
> I'm not sure what we do in case of a session ticket, but it also
> shouldn't send such events, but other events are probably useful
> in that case.
>

That one's already signaled out of SSL_CTX_sess_set_new_cb. I don't think
you need particularly need another event given that exists.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20190122/77e7411a/attachment-0001.html>


More information about the openssl-project mailing list