by toast0 2227 days ago
I don't know enough about TLS < 1.3. In TLS 1.3, the whole handshake on both sides is covered by the handshake completion --- if the client handshake was modified in the middle, the client will not accept the server handshake completion.

However, that doesn't stop carriers from inserting something at the start of the stream that the client doesn't see. It would need to be coordinated with the origin server, but that's already true for HTTP header insertion. Sending a pre-handshake blob to a TLS server that isn't expecting such a blob would fail hard though, rather than going on its merry way like an extra header usually would.
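
An added example, not part of toast0's comment: a simplified Python model of the TLS 1.3 Finished check (RFC 8446, section 4.4.4), showing why a ClientHello altered in transit makes the client reject the server's Finished. The handshake messages and the base key are constructed placeholders, and the key is held fixed to isolate the check, although in real TLS 1.3 it also depends on the transcript.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869, section 2.3)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full = b"tls13 " + label
    info = struct.pack(">H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def finished_verify_data(base_key, transcript):
    """verify_data = HMAC(finished_key, Transcript-Hash(messages so far))."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH().digest_size)
    return hmac.new(finished_key, HASH(b"".join(transcript)).digest(), HASH).digest()

def client_accepts(base_key, client_view, server_finished):
    """The client recomputes verify_data over the messages as it sent and received them."""
    expected = finished_verify_data(base_key, client_view)
    return hmac.compare_digest(expected, server_finished)

# Constructed sample data: not real handshake bytes and not a real traffic secret.
BASE_KEY = bytes(range(32))
CLIENT_HELLO = b"\x01 constructed ClientHello: suites=A,B ext=sni"
SERVER_FLIGHT = [b"\x02 ServerHello", b"\x08 EncryptedExtensions", b"\x0b Certificate", b"\x0f CertificateVerify"]

def demo():
    """Return (accepted when untouched, accepted when ClientHello was altered in transit)."""
    sent = [CLIENT_HELLO] + SERVER_FLIGHT
    seen_by_server = [CLIENT_HELLO + b" ext=inserted-by-middlebox"] + SERVER_FLIGHT
    untouched = client_accepts(BASE_KEY, sent, finished_verify_data(BASE_KEY, sent))
    altered = client_accepts(BASE_KEY, sent, finished_verify_data(BASE_KEY, seen_by_server))
    return untouched, altered

if __name__ == "__main__":
    print(demo())
```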