proposal: crypto/tls: RFC 7685 support (ClientHello "padding(21)") #39271
Labels: NeedsInvestigation, Proposal, Proposal-Crypto
Unfortunately, there are TLS servers that refuse (and hang upon) ClientHello messages of sizes in the range 256-512 bytes, causing TLS handshake timeouts. RFC 7685 lets clients mitigate this by adding padding bytes to the ClientHello messages, so clients can adjust the ClientHello sizes at will as a workaround.
https://tools.ietf.org/html/rfc7685#section-1 reads:
And here's a description of a buggy server implementation:
https://mailarchive.ietf.org/arch/msg/tls/8wXwhM1d5WSmROHFSgrTyFmWN2o/
Adding support for this extension would let users work around these buggy server implementations.
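A sketch of the padding step described above, as an added example that is not part of the original issue and not code from Go's crypto/tls. It assumes the affected range is 256 to 511 bytes measured on the whole handshake message including its 4-byte header; `padClientHello`, `sampleHello` and the 0xffff placeholder extension type are hypothetical names and values chosen for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const extPadding = 21 // RFC 7685 ExtensionType "padding"

// padClientHello appends an all-zero padding extension to a ClientHello handshake
// message sized in [256, 512) and fixes both length fields; other sizes pass through.
func padClientHello(msg []byte) ([]byte, error) {
	if len(msg) < 256 || len(msg) >= 512 {
		return msg, nil
	}
	off := 38 // handshake header(4) + version(2) + random(32)
	for _, w := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if off+2 > len(msg) {
			return nil, errors.New("truncated ClientHello")
		}
		n := int(binary.BigEndian.Uint16(msg[off:])) >> (8 * (2 - w)) // w-byte length prefix
		off += w + n
	}
	if off+2 > len(msg) || off+2+int(binary.BigEndian.Uint16(msg[off:])) != len(msg) {
		return nil, errors.New("missing or malformed extensions block")
	}
	pad := 512 - len(msg) - 4 // 4 bytes are spent on the extension's type and length
	if pad < 0 {
		pad = 0 // empty padding data is allowed; the result is then 513 to 515 bytes
	}
	out := append(append([]byte{}, msg...), 0, extPadding, byte(pad>>8), byte(pad))
	out = append(out, make([]byte, pad)...)                        // padding data is all zero bytes
	binary.BigEndian.PutUint16(out[off:], uint16(len(out)-off-2)) // extensions length
	out[1], out[2], out[3] = byte((len(out)-4)>>16), byte((len(out)-4)>>8), byte(len(out)-4)
	return out, nil
}

// sampleHello builds a constructed ClientHello (51+extLen bytes) with one placeholder extension.
func sampleHello(extLen int) []byte {
	body := append([]byte{0x03, 0x03}, make([]byte, 32)...) // version, zeroed random
	body = append(body, 0, 0, 2, 0x13, 0x01, 1, 0)          // no session id, one suite, null compression
	body = append(body, byte((extLen+4)>>8), byte(extLen+4), 0xff, 0xff, byte(extLen>>8), byte(extLen))
	body = append(body, make([]byte, extLen)...)
	return append([]byte{1, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
}

func main() {
	out, err := padClientHello(sampleHello(249))
	fmt.Printf("300 -> %d bytes, err=%v\n", len(out), err)
}
```

The padding extension is appended last, so a real client would have to run this step after every other extension has been serialized and before the transcript hash is computed.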