martinschmatz

Results 25 comments of martinschmatz

Great! Will do.... Just FYI - I identified a person in my organization more knowledgeable in the process of open-sourcing (in particular when it comes to also generating tests and...

@mattcaswell In analogy to the '?' prefix to ignore unknown groups in [SSL_CTX_set1_groups_list](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups_list.html), would it be acceptable to use a "!" as additional, optional prefix to indicate the desire to...

@t8m FYI - a first version to support multiple key shares is 'wiggling' (= basic operation with more testing required). One question came up: _**Do we want to limit the...

Code is running, survived first tests. Here is a first write-up of what the code change will do, to be added [here](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups_list.html): ``` If a group name in SSL_CTX_set1_groups_list() is preceded...

Limitation to 4 key_shares is intended and it's well understood that this choice deviates from the standard - unless one [takes](https://datatracker.ietf.org/doc/html/rfc8446#section-9.2) "In the absence of an application profile standard _specifying...

@BugOfBugs It was understood already in your post further up that you argue against limiting the number of `key_shares` sent by the client. The arguments I 'invented' in favor of...

@BugOfBugs You seem to have missed the argument that default (build time configurable) limitation to a maximum of 4 `Key Share Entries` in the `key_share` extension of a `ClientHello` is...

[CNSA 2.0](https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF) mandates to support and _prefer_ Q-safe algorithms if available. Therefore, when a client supports a Q-safe algorithm for the key agreement, the server must be able to select it...

@vdukhovni Point well taken related to 'how stringent is the _prefer_ mandate'. I'll have somebody reach out to the CNSA2.0 owners (NSA) for clarification. Fundamentally, I can identify the following...

@ghen2 Client and server sides each use a colon separated string of optionally prefixed groups. I guess you are well aware, but mentioning it nevertheless: TLS applications that are using...