…ignature Algorithm (ECDSA) are added in [RFC4492]. o Stateless session tickets [RFC5077]. o A datagram mode of operation, DTLS [RFC6347]. o Application-layer protocol negotiation [RFC7301]. 6. Security Considerations This entire document aims to improve security by prohibiting th…
…vers. Note that, if the cookie includes a key name, analogous to Section 4 of [RFC5077], this may leak information if different backend servers issue cookies with different key names at the time of the connection. In particular, if the deployment operates in Split Mode, the back…
…ed features such as TCP Fast Open (TFO) [RFC7413] or TLS session resumption [RFC5077] o DNS-over-HTTPS [RFC8484] message details: * Whether the message used POST or GET * HTTPS Headers o Malformed DNS messages if the wire format is not recorded o Any non-DNS messages that wer…
…ervers. Note that, if the cookie includes a key name, analogous to Section 4 of RFC5077, this may leak information if different backend servers issue cookies with different key names at the time of the connection. In particular, if the deployment operates in Split Mode, the back…
…e session, only of the connection. When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered. 3.2. Protocol Selection It is expected that a server will…
…recent developments such as OCSP Stapling [RFC6961] and TLS session tickets [RFC5077] have reduced this overhead to the point where the deficit is minor -- often, imperceptible (see Is TLS Fast Yet? for details). We expect that future developments (such as TLS/1.3) will furth…
…ix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc) Algorithm used to encrypt RFC5077 TLS session tickets. This algorithm must use CBC mode, have a 128-bit block size, and must have a key length between 128 and 256 bits. The default is aes-256-cbc. Overriding the default to cho…
…stfix ≥ 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc) Algorithm used to encrypt RFC5077 TLS session tickets. This algorithm must use CBC mode, have a 128-bit block size, and must have a key length between 128 and 256 bits. The default is aes-256-cbc. Overriding the default to cho…
…dential CH, CR, CT RFC9345 35 session_ticket (renamed from "SessionTicket TLS") [RFC5077][RFC8447] 36 TLMSP ETSI TS 103 523-2 37 TLMSP_proxying ETSI TS 103 523-2 38 TLMSP_delegate ETSI TS 103 523-2 39 supported_ekt_ciphers CH, EE RFC8870 40 Reserved [RFC9847][tls-reg-review mail…