[TLS] Re: Security Concern in TLS 1.3 and OpenSSL Implementation

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 19 November 2025 12:33 UTC

Message-ID: <1c145c54-a006-48b7-9f97-3649305f5794@tu-dresden.de>
Date: Wed, 19 Nov 2025 13:32:44 +0100
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
To: Thom Wiggers <thom@thomwiggers.nl>
CC: tls@ietf.org, "H.Rafiee" <ietf@rozanak.com>
Subject: [TLS] Re: Security Concern in TLS 1.3 and OpenSSL Implementation
In-Reply-To: <35FEF57D-52FE-484C-AB86-DCFDC676BEC3@thomwiggers.nl>
References: <7f563479-c1ac-4678-9d96-f8a0d8fb0e69@rozanak.com> <a649b086-9c38-4e06-bf06-0b5f57e0e9cb@tu-dresden.de> <b77d26df-0a68-423e-b4d7-651b1421e9a7@rozanak.com> <D2E3DD93-67F9-4A5D-B409-1483995AB27F@thomwiggers.nl> <99bbfbc8-673a-4e5f-ae8e-46008984e6c5@tu-dresden.de> <35FEF57D-52FE-484C-AB86-DCFDC676BEC3@thomwiggers.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/onl3UNschVRgJKZcxech-bETi14>

Hi Thom,

Many thanks for the clarification. Another small clarifying question inline:

On 19.11.25 06:36, Thom Wiggers wrote:
> And indeed, what applies to the Main Secret applies to the other “internal” keys just as well.

By "internal keys" you mean all the keys in the TLS 1.3 key schedule 
except for "exporter value" as defined in Sec. 7.5 of RFC8446bis, right?

In other words, the set of "/external/ keys" would have just two keys:

 1. "early" exporter value (which takes only ClientHello from handshake)
 2. Exporter value (which takes up to ServerFinished from handshake)

-Usama
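The distinction the message draws, between the secrets that stay inside the TLS 1.3 key schedule and the two exporter values of RFC 8446 Section 7.5, is easiest to see with the schedule written out. The following is an added example, not code from anyone in this thread, from the RFC or from OpenSSL: it implements HKDF (RFC 5869), HKDF-Expand-Label and Derive-Secret (RFC 8446 Section 7.1), walks the key schedule for a SHA-256 cipher suite, and then computes the early exporter value (from the early secret and the ClientHello alone) and the exporter value (from the master secret and the transcript through server Finished). The handshake transcripts, the (EC)DHE shared secret and the exporter label `EXPORTER-example` are constructed placeholders; the resumption master secret (label `res master`, transcript through client Finished) is left out because it is not needed for either exporter.

```python
"""TLS 1.3 key schedule (RFC 8446 7.1) and exporters (RFC 8446 7.5).

Added illustration for the mailing-list thread; not code from the RFC, from
OpenSSL, or from any participant. SHA-256 is assumed as the cipher-suite
hash; all transcripts and secrets fed in below are constructed placeholders.
"""
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size   # 32 for SHA-256
ZEROS = bytes(HASH_LEN)         # the "0" inputs in the RFC 8446 7.1 diagram


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> zeros."""
    return hmac.new(salt or ZEROS, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1 HKDF-Expand-Label: HKDF-Expand over the HkdfLabel struct
    (uint16 length | opaque label<7..255> = "tls13 " + Label | opaque context<0..255>)."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: str, messages: bytes) -> bytes:
    """RFC 8446 7.1 Derive-Secret: context is Transcript-Hash(Messages)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def key_schedule(psk, ecdhe, client_hello, through_server_hello, through_server_finished):
    """Walk the RFC 8446 7.1 schedule. Transcript arguments are the concatenated
    Handshake messages up to the named point (constructed bytes in this example)."""
    early_secret = hkdf_extract(ZEROS, psk or ZEROS)          # PSK = 0 when none
    handshake_secret = hkdf_extract(derive_secret(early_secret, "derived", b""), ecdhe)
    master_secret = hkdf_extract(derive_secret(handshake_secret, "derived", b""), ZEROS)
    return {
        # Internal: these never leave the TLS implementation.
        "early_secret": early_secret,
        "handshake_secret": handshake_secret,
        "master_secret": master_secret,
        "client_handshake_traffic_secret": derive_secret(handshake_secret, "c hs traffic", through_server_hello),
        "server_handshake_traffic_secret": derive_secret(handshake_secret, "s hs traffic", through_server_hello),
        "client_application_traffic_secret_0": derive_secret(master_secret, "c ap traffic", through_server_finished),
        "server_application_traffic_secret_0": derive_secret(master_secret, "s ap traffic", through_server_finished),
        # Also internal, but these two are the inputs to the Section 7.5 exporters.
        "early_exporter_master_secret": derive_secret(early_secret, "e exp master", client_hello),
        "exporter_master_secret": derive_secret(master_secret, "exp master", through_server_finished),
    }


def tls_exporter(exporter_master_secret: bytes, label: str, context_value: bytes, key_length: int) -> bytes:
    """RFC 8446 7.5 TLS-Exporter: the only values handed out to the application."""
    return hkdf_expand_label(derive_secret(exporter_master_secret, label, b""),
                             "exporter", HASH(context_value).digest(), key_length)


def exported_values(psk, ecdhe, client_hello, through_server_hello, through_server_finished,
                    label="EXPORTER-example", context=b"", key_length=32):
    """Return the pair the thread calls the external keys:
    (early exporter value, exporter value). The label is a constructed example."""
    ks = key_schedule(psk, ecdhe, client_hello, through_server_hello, through_server_finished)
    return (tls_exporter(ks["early_exporter_master_secret"], label, context, key_length),
            tls_exporter(ks["exporter_master_secret"], label, context, key_length))


if __name__ == "__main__":
    # Constructed stand-ins for real handshake bytes and a real (EC)DHE output.
    ch = b"<ClientHello bytes, constructed>"
    sh = ch + b"<ServerHello bytes, constructed>"
    sf = sh + b"<EncryptedExtensions..server Finished, constructed>"
    shared = b"\x01" * 32
    early_exp, exp = exported_values(None, shared, ch, sh, sf)
    print("early exporter value:", early_exp.hex())
    print("exporter value:      ", exp.hex())
```

Running it with two transcripts that share the same ClientHello but diverge afterwards gives the same early exporter value and different exporter values, which is exactly the dependency the two list items describe: the early exporter sees only the ClientHello, the exporter sees everything through server Finished.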