Randomize the order of TLS ClientHello extensions, to reduce ossification.
It is possible that Chrome’s ClientHello extension ordering is already ossified. This change may cause compatibility issues with middleboxes or other network monitoring software. We will do a slow rollout and monitor breakage.
n/a, not developer facing
n/a, not developer facing
Using a fixed extension order can encourage server implementers to fingerprint Chrome and then assume specific implementation behavior. This can limit ecosystem agility when Chrome implements future modifications to TLS, if the server implementations are not prepared for Chrome to change its ClientHello. Chrome will randomly order extensions, subject to the pre_shared_key constraint in the RFC. This will reduce the risk of server and middleboxes fixating on details of our current ClientHello. This should make the TLS ecosystem more robust to changes.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
n/a, inner function of TLS stack
DevTrial on desktop | 106 |
DevTrial on Android | 106 |
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/4cb933c7-3dac-4c98-8020-2398c8ed3775n%40chromium.org.