RFE: Option to reject handshake without ETM or EMS extension #21472
huiyuexu
started this conversation in
General Discussion
-
Should this actually be moved into Discussions?
-
It is convenient for the application layer to provide a callback after processing the clientHello message. The algorithm suite, ETM, and EMS values can be obtained.
-
When the client hello does not include the ETM (encrypt then mac extension) or EMS (extend master secret), the server will accept it and the handshake will be successful.
Because "non-AEAD + non-ETM" or "non-EMS" are not secure, can we consider that the server should reject the TLS handshake request?
It should be a problem discussion, just mislabeled as a bug.
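
The check the post asks for, as an added example that is not part of the thread and not OpenSSL's code: it scans a raw ClientHello body for the encrypt_then_mac (22) and extended_master_secret (23) extensions and applies the reject rule for "non-EMS" and "non-AEAD + non-ETM". The function names, the `suite_is_aead` input and the sample bytes are constructed for illustration, and the check assumes TLS 1.2 or earlier is being negotiated.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: ClientHello body (handshake header stripped), one CBC suite, ETM + EMS. */
const uint8_t SAMPLE_HELLO[] = {
    0x03, 0x03,                       /* legacy_version: TLS 1.2 */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random */
    0x00,                             /* session_id length */
    0x00, 0x02, 0xC0, 0x27,           /* one cipher suite (CBC, non-AEAD) */
    0x01, 0x00, 0x00, 0x08,           /* null compression; extensions length 8 */
    0x00, 0x16, 0x00, 0x00,           /* encrypt_then_mac (22), empty body */
    0x00, 0x17, 0x00, 0x00            /* extended_master_secret (23), empty body */
};

/* Sets *etm / *ems if the extensions are offered; returns 0, or -1 if malformed. */
int scan_client_hello(const uint8_t *p, size_t len, int *etm, int *ems)
{
    size_t off = 2 + 32, n;                          /* legacy_version + random */
    *etm = *ems = 0;
    if (off + 1 > len) return -1;
    off += 1 + (size_t)p[off];                       /* session_id */
    if (off + 2 > len) return -1;
    off += 2 + (((size_t)p[off] << 8) | p[off + 1]); /* cipher_suites */
    if (off + 1 > len) return -1;
    off += 1 + (size_t)p[off];                       /* compression_methods */
    if (off == len) return 0;                        /* no extensions block at all */
    if (off + 2 > len) return -1;
    n = ((size_t)p[off] << 8) | p[off + 1];          /* total extensions length */
    off += 2;
    if (off + n != len) return -1;                   /* must end exactly at the body end */
    while (off < len) {
        if (off + 4 > len) return -1;
        unsigned type = (p[off] << 8) | p[off + 1];
        size_t elen = ((size_t)p[off + 2] << 8) | p[off + 3];
        off += 4;
        if (elen > len - off) return -1;             /* extension overruns the message */
        if (type == 22) *etm = 1;                    /* RFC 7366 */
        if (type == 23) *ems = 1;                    /* RFC 7627 */
        off += elen;
    }
    return 0;
}

/* 1 = accept, 0 = reject. suite_is_aead: whether the suite the server would pick is AEAD. */
int strict_policy_accepts(int etm, int ems, int suite_is_aead)
{
    return ems && (suite_is_aead || etm);
}
```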