Matt Caswell

This is most likely non-trivial. My guess is that there are subtle dependencies between the various extension construction functions which would not like to be suddenly called in a different...

Another extension construction function that springs to mind that definitely requires a specific ordering is the padding extension. OpenSSL requires that it either by added last (in the absence of...

> What would a public API for this look like? Would it be a property of SSL_CTX? One possibility could be a callback that makes the message buffer about to...

Of course just shuffling extensions might not be sufficient to achieve the goal. A fingerprinter could start looking for the presence or absence of certain extensions instead of relying on...

See also #19248 which reports a different but related problem.

An interesting idea. > Algorithm Fetching. Define a new reserved property name (such as ‘load_balance=1’) to highlight that a provider wants to join run-time load balancing A provider may not...

I think it might actually be feasible to implement something now using released 3.0, i.e. via a 3rd party "load balancing provider". Such a provider would have to have its...

Note there is a trivial conflict when cherry-picking back to 1.1.1 which I will fix during merge.

Ping for second review

I rebased this to resolve a conflict with master. Still looking for a second reviewer. Ping @openssl/committers.