Matt Caswell

Your question is a little unclear, but it sounds like you may be getting confused about what the purpose of the key_share extension is. This extension will exist every time...

> but every time it use the key_share to recover the old handshark. key_share is *always* sent by an OpenSSL TLSv1.3 capable client. It is always different. It is not...

> but why they don‘t exchange the certificates in TLS1.3. I want to catch the certificate. All the handshake after the initial ClientHello/ServerHello is encrypted in TLSv1.3 and will appear...

Progress on this seems to have stalled. Looking through this it seems there are some unresolved comments still?

It's just a test vector calculated by running a known-good implementation of the algorithm with the same parameters previously. You wouldn't need to do that in real-world usage.

Seems like quite a few of my comments didn't get a response...github helpfully "hides" some comments when there are too many. Perhaps you missed them?

Ping @ckalina

Ping @ckalina (Note we are fast approaching beta1 - the deadline for new features in OpenSSL 3.0)

> @mattcaswell Sorry for my absence of late, I've been rather preoccupied. I will try and get back to you with all the requested changes soon (no later than say...

Ping?