Skip to content

Implementation Notes

Jump to bottom
xvzcf edited this page Jun 2, 2020 · 8 revisions

  1. ssl/handshake.cc:ssl_max_handshake_message_len: The maximum message size for handshakes which do not accept peer certificate chains has been increased from 2^14 to 2^15 = 32768 bytes to accommodate the Frodo1344 variants.

  2. t1_lib.cc: We have numerous key-exchange algorithms and their hybrid variants in the fork, and it would be unwieldy to add all their group IDs and keyshares the ClientHello. We therefore only list the level-1 P-256 hybrids in the ClientHello by default. To override this default behaviour, the client can use the SSL_CTX_set1_curves_list call, or, if possible, specify the curve through a command line option.

  3. ssl.h: To accommodate some of the Rainbow variants (such as Rainbow-Ia-Classic) we have increased the value of SSL_MAX_CERT_LIST_DEFAULT, the maximum acceptable length of a peer certificate chain, from 102400 bytes to the maximum possible value specified by RFC 8446, which is 2^(24) - 1 = 16777215 bytes.

Clone this wiki locally