Jack Lloyd

Results 182 comments of Jack Lloyd

Thanks! My only comment at this time is that the padding extension finding is spurious - because Botan does not implement this extension, the padding bytes are opaque to us.

For these

> when a server chooses a non-CBC cipher suite but negotiates encrypt-then-MAC
>
> upon receiving a ClientHello that contains elliptic curve extensions but no ECC cipher suite

I'm...

I think it is just a coincidence of shutdown order that you don't hit it with certain versions; nothing has changed here in the last releases. One option that would...

To clarify, my suggestion only works for something like `HMAC_DRBG` where the state isn't a singleton. It wouldn't help for system RNG as it exists today. Having System_RNG refer to...

Botan 1.15 is not something that exists. Possibly this is a Boost or Beast version? Also I'm really not sure why it would happen to work for botan.randombit.net and not...

> How can this source compile????? There is no botan folder with .h in all the source tree!!!

This directory is being created by `configure.py` with symlinks (or on Windows...

Initially I wonder if the private key being 1 was triggering some corner case but using random integers instead changes nothing. If I change this

> printf("%s; verified: %d\n", curve.c_str(),...

> I suspect there is a discrepancy between EMSA1 and EMSA_Raw with how the hash ends up getting truncated.

Confirmed. Using `EMSA1(SHA-256)` the message representative is e = 0x02A0402B9AA8650342D98EECC73519850BAEF6F5 but...

Nice, thank you. I will review this next week.

Can you rebase against master to pick up #2338? I think the new `write_unecrypted_record` fn replaces the code you have in tls_server.cpp for the same purpose.