-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why does the client hello change? #351
Comments
IIRC size of a BER-encoded secp256r1 public key generated and used for key exchange can change by one byte, depending on its value. You might be interested in using x25519 if you want to keep the size fixed. Re different versions of picotls, the size of the ClientHello will change, as we add support for different things (e.g., new Signature Algorithm). |
Good point re:25519. Is there a way I can control the signature algorithms advertised by picotls? |
My main concern is finding differences between Windows runs and Linux runs, probably due to what version of openssl is installed. That creates noise in the tests. |
As part of the picoquic test suite, we have tests of the qlog implementation. The test is simple: run a QUIC connection on a simulator, capture a log, verify that the captured log matches a reference file. For the test to work, we need to make sure that execution remains the same from run to run, so the test detects possible changes in the logging code, not unrelated changes in the environment. For example, in order to minimize variability in the size of the "client hello", the code:
I understand that the value of the client hello will change based on different random numbers, keys shares, etc. But by forcing the code to use just on ciphersuite and one key exchange, I would expect the size of the ClientHello to remain constant. But we observe variations based on versions of picotls, or versions of the underlying openssl library. Why?
The text was updated successfully, but these errors were encountered: