Matt Caswell

> Ping @mattcaswell, do you have recommendations for testing the epoch values? Hmmm. Could you do this using your new TLSProxy updates? i.e. create a test with a filter that...

Looks good. Would you be willing to write a test for this?

@martinschmatz - since you wrote the initial patch we will need a CLA from you and you will also need to be listed on the IBM CCLA. See: https://www.openssl.org/policies/cla.html

> I believe @maximilien is our CCLA contact, but here's on vacation for the next week, so I would need to ping him to respond to any emails. Since this...

@ajbozarth - any update on this?

@ajbozarth - see #23391 which points out a memleak in this PR.

> @mattcaswell I cherry-picked the commit from https://github.com/openssl/openssl/pull/23391 to give credit where due, but it seems that PR author isn't filed a CLA yet. I'm still working on tests and...

Yes. Although it says that in the title/description of the PR - this is in fact about `RSA_PKCS1_WITH_TLS_PADDING`

Pushed to the feature/dtls-1.3 branch. I squashed the last commit into the previous one

> Test failures are relevant. We need to merge a couple of other PR's before this is working. Will those failure go away with a rebase now?