Matt Caswell
Matt Caswell
It's actually quite unclear what a zero length ticket even means in TLSv1.2. But at least it is syntactically allowed. For TLSv1.3 sending a 1 byte ticket would be possible...
> Can we also not send a NewSessionTicket message if the callback failed to produce the required material? At the point the callback is called we have already decided to...
I have a fix for master in #18990. It's a bit too invasive for backport to 3.0/1.1.1 but I think I can create a less invasive version that is more...
> I think it's pretty clear, actually: Great - thanks. Somehow I couldn't find that reference.
> maybe not so bad, given how invasive https://github.com/openssl/openssl/pull/18990 is. I'm fairly sure I can create a version of #18990 that is a lot less invasive (basically don't introduce the...
> We would of course reject such a 1-byte ticket when it came back to us, falling back to a full handshake. Which is ... maybe not so bad, given...
Reopening this. It was auto-closed due to the merge of #18990. However that PR only addresses master and we still need a backport to 3.0.
The fix was backported to 3.0 by #19249 which has now been merged. Closing this.
Unfortunately 1.1.1 is in security-fix only mode so the fix won't be backported there.
> There is enc2 command planned for the future that should introduce more features including configurable saltlen. "Planned" is probably over stating it. It was discussed that the current "enc"...