Server Hello
Click on the red underlined text to get to the source
... In order to support the extensions above, general extension
mechanisms for the client hello message and the server hello message
are introduced.
...
... describes general extension mechanisms for the client hello and
server hello handshake messages. Section 3 describes specific
extensions to TLS ...
... handshake client hello and server hello messages.
These general extension mechanisms are necessary in order to enable
...
... client hello message format,
Section 2.2 specifies the extended server hello message format, and
Section 2.3 describes the actual extension format ...
... Extended Server Hello ...
... server hello message format MAY be sent in place of the
server hello message when the client has requested extended
functionality via the extended client hello ...
... functionality via the extended client hello message specified in
Section 2.1. The extended server hello message format is:
...
... extensions. The actual "Extension" format is defined in Section 2.3.
Note that the extended server hello message is only sent in response
to an extended client hello message. This prevents the possibility
...
... to an extended client hello message. This prevents the possibility
that the extended server hello message could "break" existing TLS
clients ...
...
Note that for all extension types (including those defined in the
future), the extension type MUST NOT appear in the extended server
hello unless the same extension type appeared in the corresponding
client hello. Thus clients ...
... clients MUST abort the handshake if they receive
an extension type in the extended server hello that they did not
request in the associated (extended) client hello.
...
... Also note that when multiple extensions of different types are
present in the extended client hello or the extended server hello,
the extensions may appear in any order. There MUST NOT be more than
one extension of the same type.
...
... - If, on the other hand, the older session is resumed, then the
server MUST ignore the extensions and send a server hello
containing none of the extension types. In this case, the
functionality of these extensions negotiated during the original
...
... SHALL include an extension of type "server_name" in the (extended)
server hello. The "extension_data" field of this extension SHALL be
empty.
...
... fragment length by including an extension of type
"max_fragment_length" in the (extended) server hello. The
"extension_data" field of this extension SHALL contain a
"MaxFragmentLength" whose value is the same as the requested maximum
...
... "client_certificate_url" in the (extended) server hello. The
"extension_data" field of this extension SHALL be empty.
...
... client. In this event, the server SHALL include an extension of type
"trusted_ca_keys" in the (extended) server hello. The
"extension_data" field of this extension SHALL be empty.
...
... of type "truncated_hmac", with empty "extension_data", in the
extended server hello.
Note that if new cipher suites ...
... extension of type "status_request" with empty "extension_data" in the
extended server hello.
struct {
...
... alert is sent by clients that
receive an extended server hello containing an extension that they
did not put in the corresponding client hello (see Section 2.3).
...