Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

What happens if TLS SRP and TLS 1.3 are used together? #4262

Closed
sayrer opened this issue Aug 24, 2019 · 1 comment
Closed

What happens if TLS SRP and TLS 1.3 are used together? #4262

sayrer opened this issue Aug 24, 2019 · 1 comment

Comments

@sayrer
Copy link

@sayrer sayrer commented Aug 24, 2019

From https://tools.ietf.org/html/draft-barnes-tls-pake-04:

"In prior versions of TLS, this functionality has been provided by the integration of the Secure Remote Password PAKE protocol (SRP) [RFC5054]. The specific SRP integration described in RFC 5054 does not immediately extend to TLS 1.3 because it relies on the Client Key Exchange and Server Key Exchange messages, which no longer exist in 1.3."

It doesn't seem like this combination will work. I guess maybe some docs should be added.

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Aug 24, 2019

Sounds like a good idea, but this is the first I learn about this so I could use some help on what to say...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.