mmaehren

Yes, the RFCs aren't very clear what the other party should/must do in these cases. For TLS 1.3, RFC 8446 is clearer stating in section 6: > Peers which receive...

Hey, a minor addition to the above: Botan does not abort the handshake upon computing an all-zero premaster secret for curve X25519: - RFC 8422 - 5.11. Public Key Validation...

Yes, this is part of a research paper we're working on. The results for rustls are close to those of other well-known open source TLS libraries. We plan to release...

We agree that these cases should be listed separately in the future. We decided to include them based on the following statement from RFC 8446 section 6 > Peers which...

@briansmith We reached out to you via email

Hey, just a minor addition: upon receiving a ClientHello with a PSK extension but no PSK key exchange modes extension, Rustls falls back to a full handshake instead of aborting...

Hey, I agree with your interpretation of the RFCs. We initially started adding tests based on requirements that contain one of the mandatory keywords defined in RFC 2119. There are...

Thank you for the feedback. We agree that enforcing this ECC cipher suite check may cause problems - that's a good point! I think the alert description for the lack...

Yes, it's a false positive on our end - sorry if my last comment didn't convey this.

Internally, TLS-Attacker uses different `ProtocolLayers` to reflect the individual parts of a protocol stack. By default, the stack of layers contains a TcpLayer. If you want to use DTLS, you...