nametoolong

DMD 2.047.1 also stucks (for a shorter period) at `sha2_64.compress`.

Thanks for reviewing and I am sorry to issue such an hackish PR (though it has been in production for a while :( ). I will try to fix those...

@randombit What's the idiom in Botan to restrict a `DTLS_Prestate` to be used exactly once, like returning an `unique_ptr`? If we store the client hello in prestate I think it...

Rebased (and kind of messed up commit timestamps). Cleaned up tls_server.cpp.

> But parsing it is only required to get at the version, type, and cookie (which are relatively easy to find) plus to compute the hello verify MAC input which...

I should also note some 802.1x protocols like PEAP or EAP-TTLS use stream TLS but in a request/response way. Write coalescence is a must for EAP supplicants.

IMHO deduplication should be done in `Handshake_Reassembly` - otherwise we have to add a new code path for each type of message which is hard to maintain. https://github.com/randombit/botan/blob/master/src/lib/tls/tls_handshake_io.cpp#L245 might be...

> 即使不考虑破坏性，仍存在一个误报率的问题：由于 TLS 的应用广泛且复杂，是否某些 TLS 实现/网络因素会被误报？ TLS 1.3 mandates connection closure upon error. So an RFC-conforming implementation will never trigger a false positive. False negatives are unavoidable. > 关于 issue...

I don't think the attacks I've described are practical though. Exploiting the difference between fatal and non-fatal alerts needs precise timing (leveraging the delay between `close_notify` and TCP reset) which...

There are still several old pipelining calls in the codebase. (Sorry for some completely gibberish here.) Should be fixed or will be a **real** performance hit. https://github.com/mastodon/mastodon/blob/6a5e447753095606e42cc3899887ba7fae77a0e8/app/lib/feed_manager.rb#L276-L296