…t RFC7627 ][ RFC-ietf-tls-rfc8446bis-13 24 token_binding RFC8472 25 cached_info RFC7924 26 tls_lts draft-gutmann-tls-lts-11 27 compress_certificate CH, CR RFC8879 28 record_size_limit CH, EE RFC8449 29 pwd_protect CH RFC8492 30 pwd_clear CH RFC8492 31 password_salt CH, SH, HRR RF…

… Note that if raw public keys [ RFC7250 ] or the cached information extension [ RFC7924 ] are in use, then this message will not contain a certificate but rather some other value corresponding to the server's long-term key. [ Section 4.4.2 ] CertificateVerify: A signature over th…

…SNI Extension MUST be used. A client can use the Cached Information Extension [ RFC7924 ] in hope that the server will try to send the certificates that are identical to the ones that are found in the TLS-Bootstrap DNS Resource Record, and that instead of sending the certificate,…

…e). Note that if raw public keys [RFC7250] or the cached information extension [RFC7924] are in use, then this message will not contain a certificate but rather some other value corresponding to the server's long-term key. [Section 4.4.2] CertificateVerify: A signature over the e…

…d servers can use raw public keys [ RFC7250 ] or Cached Information Extension [ RFC7924 ]. Cached Information Extension avoids transmitting the server's certificate and certificate chain if the client has cached that information from a previous TLS handshake. TLS False Start [ RF…

…the size of the Certificate message -- for example, the "cached_info" extension RFC7924 ; certificate compression RFC8879 ; and RFC6066 , which defines the "client_certificate_url" extension allowing DTLS clients to send a sequence of Uniform Resource Locators (URLs) instead of t…

…). Note that if raw public keys [ RFC7250 ] or the cached information extension RFC7924 ] are in use, then this message will not contain a certificate but rather some other value corresponding to the server's long-term key. [ Section 4.4.2 CertificateVerify: A signature over the …

…bout the true server name. For example, the "cached_info" ClientHello extension RFC7924 can contain the hash of a previously observed server certificate. The client SHOULD NOT send values associated with the true server name in the ClientHelloOuter. It MAY send such values in the…

…bout the true server name. For example, the "cached_info" ClientHello extension RFC7924 can contain the hash of a previously observed server certificate. The client SHOULD NOT send values associated with the true server name in the ClientHelloOuter. It MAY send such values in the…

…it can be useful to reduce the amount of data exchanged during a TLS handshake. RFC7924 describes a mechanism that allows a client and a server to avoid transmitting certificates already shared in an earlier handshake, but it doesn't help when the client connects to a server for …

…e). Note that if raw public keys [RFC7250] or the cached information extension [RFC7924] are in use, then this message will not contain a certificate but rather some other value corresponding to the server's long-term key. [Section 4.4.2] CertificateVerify: A signature over the e…

…). Note that if raw public keys [ RFC7250 ] or the cached information extension RFC7924 ] are in use, then this message will not contain a certificate but rather some other value corresponding to the server's long-term key. [ Section 4.4.2 CertificateVerify: A signature over the …

…it can be useful to reduce the amount of data exchanged during a TLS handshake. RFC7924 describes a mechanism that allows a client and a server to avoid transmitting certificates already shared in an earlier handshake, but it doesn't help when the client connects to a server for …