Why does it say `Change Cipher Spec` there? Why does it not use `Choose Cipher Suite`?

asked 2022-06-20 08:52:08 +0000

markleo

updated 2022-06-20 09:20:58 +0000

grahamb

I have a question about the Server Hello of the TLS handshake.

You see the red frame I tagged.

Why does it say Change Cipher Spec there? Why does it not use Choose Cipher Suite?

1 Answer

answered 2022-06-20 09:34:52 +0000

grahamb

TLS 1.3 (see RFC 8446) permits a 0-RTT connection where the server simply chooses the cipher spec from the reduced list offered by the client and starts the encrypted data transfer early.

For TLS middlebox compatibility, the server also sends a Change Cipher Spec message in a TLS 1.2 record; see RFC 8446 Appendix D.4:

-  The server sends a dummy change_cipher_spec record immediately after its first handshake message.  This may either be after a ServerHello or a HelloRetryRequest.
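
To make the record layout concrete, here is an added example (not part of the original answer and not Wireshark code) that walks a server's first flight and flags the dummy change_cipher_spec record that follows a TLS 1.3 ServerHello or HelloRetryRequest. All function names are hypothetical, the sample records are constructed, and it assumes the ServerHello fits in a single record; the supported_versions check is what separates the dummy record from a TLS 1.2 change_cipher_spec.

```python
import hashlib
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22    # record content types
SERVER_HELLO, SUPPORTED_VERSIONS = 2, 43  # handshake type, extension type
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()  # marks an HRR

def records(stream):
    """Yield (content_type, payload) per TLS record; struct.error on a short header."""
    pos = 0
    while pos < len(stream):
        ctype, _legacy_version, length = struct.unpack_from("!BHH", stream, pos)
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def selected_version(hello):
    """Return the supported_versions value in a ServerHello, or None if absent."""
    if len(hello) < 39:
        return None
    # First extension: past header(4), version(2), random(32), session id, suite(2), compression(1), length(2)
    pos = 44 + hello[38]
    end = pos + int.from_bytes(hello[pos - 2:pos], "big")
    while pos + 4 <= min(end, len(hello)):
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        if ext_type == SUPPORTED_VERSIONS:
            return int.from_bytes(hello[pos + 4:pos + 4 + ext_len], "big")
        pos += 4 + ext_len
    return None

def classify(stream):
    """Label each record, flagging the RFC 8446 D.4 compatibility record."""
    labels, tls13_hello = [], False
    for ctype, payload in records(stream):
        if ctype == HANDSHAKE and payload[:1] == bytes([SERVER_HELLO]):
            name = "HelloRetryRequest" if payload[6:38] == HRR_RANDOM else "ServerHello"
            tls13_hello = selected_version(payload) == 0x0304
        elif ctype == CHANGE_CIPHER_SPEC:
            dummy = tls13_hello and payload == b"\x01"
            name, tls13_hello = ("dummy " if dummy else "") + "change_cipher_spec", False
        else:
            name, tls13_hello = f"content_type {ctype}", False
        labels.append(name)
    return labels

def make_record(ctype, payload):  # builds constructed sample records
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def make_hello(random, version=None):  # constructed sample ServerHello
    ext = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, version) if version else b""
    body = b"\x03\x03" + random + b"\x00\x13\x01\x00" + struct.pack("!H", len(ext)) + ext
    return make_record(HANDSHAKE, bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body)
```

Calling `classify(make_hello(bytes(32), 0x0304) + make_record(CHANGE_CIPHER_SPEC, b"\x01"))` labels the second record as the dummy; the same bytes after a ServerHello without supported_versions are labelled as an ordinary change_cipher_spec.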
