TLS 1.3 (see RFC 8446) permits a 0-RTT connection where the server simply chooses the cipher spec from the reduced list offered by the client and starts the encrypted data transfer early.

For TLS middlebox compatibility, the server also sends a Change Cipher Spec message in a TLS 1.2 record; see RFC 8446, Appendix D.4:

- The server sends a dummy change_cipher_spec record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest.
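To make the record layout concrete, the following added example (not part of the original answer and not Wireshark code) splits a server flight into TLS records and reports whether the dummy change_cipher_spec record follows a ServerHello or a HelloRetryRequest. The function names and the sample flights are constructed for illustration; the ServerHello bodies are minimal and carry no extensions.

```python
import hashlib
import struct

# Record content types (first three) and the ServerHello handshake type.
HANDSHAKE, CHANGE_CIPHER_SPEC, APPLICATION_DATA, SERVER_HELLO = 22, 20, 23, 2
# RFC 8446 4.1.3: a HelloRetryRequest is a ServerHello with this fixed random.
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()

def split_records(stream):
    """Split a byte stream into (content_type, legacy_version, payload) records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append((ctype, version, payload))
        pos += 5 + length
    return records

def first_message_kind(payload):
    """Classify the first server handshake message, or return None."""
    # Layout: msg_type(1) + length(3) + legacy_version(2) + random(32)
    if len(payload) < 38 or payload[0] != SERVER_HELLO:
        return None
    return "HelloRetryRequest" if payload[6:38] == HRR_RANDOM else "ServerHello"

def compat_ccs_after(stream):
    """Return which message the dummy CCS follows, or None if it is absent."""
    records = split_records(stream)
    if len(records) < 2 or records[0][0] != HANDSHAKE:
        return None
    ctype, version, payload = records[1]
    # The dummy CCS is a one-byte record (0x01) with the TLS 1.2 record version.
    if ctype == CHANGE_CIPHER_SPEC and version == 0x0303 and payload == b"\x01":
        return first_message_kind(records[0][2])
    return None

def record(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hello(random):  # constructed, minimal ServerHello prefix (no extensions)
    body = b"\x03\x03" + random + b"\x00" + b"\x13\x01" + b"\x00"
    return bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body

# Constructed server flights, not captured traffic.
CCS = record(CHANGE_CIPHER_SPEC, b"\x01")
FLIGHT_SH = record(HANDSHAKE, hello(bytes(32))) + CCS + record(APPLICATION_DATA, b"\xaa" * 24)
FLIGHT_HRR = record(HANDSHAKE, hello(HRR_RANDOM)) + CCS
FLIGHT_NO_CCS = record(HANDSHAKE, hello(bytes(32))) + record(APPLICATION_DATA, b"\xaa" * 24)
```

Records after the ServerHello that carry encrypted handshake messages appear on the wire with content type 23 (application_data), which is why the dummy CCS is the only non-handshake, non-application-data record in such a flight.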