Bug 1647752 Comment 1 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Kevin Jacobs [:kjacobs]

on 2020-07-06 11:58:44 PDT

This patch updates DTLS 1.3 to draft-38. Specifically:


  # `ssl_ct_ack` value changes from 25 to 26.
  # AEAD limits in `tls13_UnprotectRecord` enforce a maximum of 2^36-1 (as we only support GCM/ChaCha20 AEADs) decryption failures before the connection is closed.

Revision 1 by

Kevin Jacobs [:kjacobs]

on 2020-07-06 12:10:19 PDT

This patch updates DTLS 1.3 to draft-38. Specifically:


  - `ssl_ct_ack` value changes from 25 to 26.
  - AEAD limits in `tls13_UnprotectRecord` enforce a maximum of 2^36-1 (as we only support GCM/ChaCha20 AEADs) decryption failures before the connection is closed.
  - Post-handshake authentication will no longer be negotiated in DTLS 1.3. This allows us to side-step the more convoluted state machine requirements.

Back to Bug 1647752 Comment 1