Closed oweisse-msft closed 6 years ago
The new ClientHello sent by OpenSSL does not comply with the rules in 4.1.2: the client MUST send the same ClientHello (without modification) except for key_share, early_data, cookie, pre_shared_key. In that case, extensions from the original CH are removed in the second one.
Fixed in OpenSSL master
OpenSSL client sends ClientHello, with KeyShare not supported by the miTLS client:
miTLS server replies with HelloRetry:
OpenSSL client replies with an amended ClientHello:
miTLS server emits an "illegal_parameter" alert. The debug output says: "TLS| sendAlert AD_illegal_parameter (Inconsistant parameters between first and second client hello)".
While the ClientHello contains fewer extensions than before, it seems to conform to the requirements in section 4.1.4 of the RFC (draft 21).
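The consistency rule quoted above (second ClientHello identical to the first except for key_share, early_data, cookie and pre_shared_key) is the check a server performs after a HelloRetryRequest. The following is an added example, written for this thread and not miTLS or OpenSSL code: it parses two ClientHello handshake bodies and reports every difference the rule does not permit, including an extension that was present in the first hello but dropped from the second, which is exactly the condition miTLS rejected here. Extension type numbers are the IANA registry values; both hello messages are constructed samples and the x25519/secp256r1 key-share bytes are dummy values.

```python
"""Check that a ClientHello re-sent after HelloRetryRequest only changed the
extensions the TLS 1.3 rule allows. Added example, not miTLS/OpenSSL code."""
import struct

# IANA extension types that may legitimately differ between the two hellos.
MUTABLE_EXTENSIONS = {41: "pre_shared_key", 42: "early_data",
                      44: "cookie", 51: "key_share"}


def parse_client_hello(body: bytes) -> dict:
    """Parse a ClientHello handshake body (bytes after the 4-byte handshake header)."""
    off = 0
    version = body[off:off + 2]; off += 2
    random = body[off:off + 32]; off += 32
    sid_len = body[off]; off += 1
    session_id = body[off:off + sid_len]; off += sid_len
    cs_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
    cipher_suites = body[off:off + cs_len]; off += cs_len
    comp_len = body[off]; off += 1
    compression = body[off:off + comp_len]; off += comp_len
    ext_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
    end = off + ext_len
    if end != len(body):
        raise ValueError("extensions length does not match ClientHello length")
    extensions = []          # list of (type, data) in wire order
    while off < end:
        etype, elen = struct.unpack("!HH", body[off:off + 4]); off += 4
        extensions.append((etype, body[off:off + elen])); off += elen
    if off != end:
        raise ValueError("truncated extension")
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression": compression,
            "extensions": extensions}


def hello_retry_differences(first: bytes, second: bytes) -> list:
    """Return a list of rule violations; an empty list means the second hello is consistent."""
    a, b = parse_client_hello(first), parse_client_hello(second)
    problems = []
    for field in ("version", "random", "session_id", "cipher_suites", "compression"):
        if a[field] != b[field]:
            problems.append(f"{field} changed")
    a_fixed = {t: v for t, v in a["extensions"] if t not in MUTABLE_EXTENSIONS}
    b_fixed = {t: v for t, v in b["extensions"] if t not in MUTABLE_EXTENSIONS}
    for t in sorted(a_fixed.keys() - b_fixed.keys()):
        problems.append(f"extension {t} removed")      # the case in this issue
    for t in sorted(b_fixed.keys() - a_fixed.keys()):
        problems.append(f"extension {t} added")
    for t in sorted(a_fixed.keys() & b_fixed.keys()):
        if a_fixed[t] != b_fixed[t]:
            problems.append(f"extension {t} changed")
    # "without modification" also covers the order of the retained extensions
    a_order = [t for t, _ in a["extensions"] if t in a_fixed and t in b_fixed]
    b_order = [t for t, _ in b["extensions"] if t in a_fixed and t in b_fixed]
    if a_order != b_order:
        problems.append("extension order changed")
    return problems


def build_client_hello(extensions, random=b"\x11" * 32, session_id=b"",
                       cipher_suites=b"\x13\x01\x13\x02", compression=b"\x00") -> bytes:
    """Serialise a ClientHello body from its fields (helper for the constructed samples)."""
    ext_bytes = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in extensions)
    return (b"\x03\x03" + random + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + bytes([len(compression)]) + compression
            + struct.pack("!H", len(ext_bytes)) + ext_bytes)


# Constructed samples: dummy key material, not real shares.
X25519_SHARE = b"\x00\x24\x00\x1d\x00\x20" + b"\xaa" * 32          # key_share, group x25519
P256_SHARE = b"\x00\x45\x00\x17\x00\x41" + b"\x04" + b"\xbb" * 64  # key_share, group secp256r1
FIRST_HELLO = build_client_hello([
    (43, b"\x02\x03\x04"),       # supported_versions: TLS 1.3
    (10, b"\x00\x02\x00\x1d"),   # supported_groups: x25519
    (13, b"\x00\x02\x08\x04"),   # signature_algorithms: rsa_pss_rsae_sha256
    (51, X25519_SHARE),
])
# Retry that only swaps the key_share: allowed.
SECOND_HELLO_OK = build_client_hello([
    (43, b"\x02\x03\x04"), (10, b"\x00\x02\x00\x1d"),
    (13, b"\x00\x02\x08\x04"), (51, P256_SHARE),
])
# Retry that swaps the key_share but also drops signature_algorithms: rejected.
SECOND_HELLO_BAD = build_client_hello([
    (43, b"\x02\x03\x04"), (10, b"\x00\x02\x00\x1d"), (51, P256_SHARE),
])

if __name__ == "__main__":
    print("ok  :", hello_retry_differences(FIRST_HELLO, SECOND_HELLO_OK))
    print("bad :", hello_retry_differences(FIRST_HELLO, SECOND_HELLO_BAD))
```

Run as a script it prints an empty list for the first pair and `['extension 13 removed']` for the second, the same class of mismatch that produced the AD_illegal_parameter alert in this report. The checker deliberately treats a dropped non-mutable extension as a violation rather than as harmless pruning, because the rule in 4.1.2 permits modification only of the four listed extensions.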