From 102c2283de0bdcfb4a1a0e7a6f385aca869f38d4 Mon Sep 17 00:00:00 2001 From: muhammad-usama-sardar <12mseemsardar@seecs.edu.pk> Date: Thu, 12 Feb 2026 09:51:01 +0100 Subject: [PATCH 1/2] clarify tx hash --- draft-ietf-tls-rfc8446bis.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md index 13c3d331..8fbc647d 100644 --- a/draft-ietf-tls-rfc8446bis.md +++ b/draft-ietf-tls-rfc8446bis.md @@ -2973,7 +2973,8 @@ for each scenario: Many of the cryptographic computations in TLS make use of a transcript hash. This value is computed by hashing the concatenation of -each included handshake message, including the handshake +each included handshake message , +including the handshake message header carrying the handshake message type and length fields, but not including record layer headers. I.e., @@ -2995,7 +2996,7 @@ stateless HelloRetryRequest by storing just the hash of ClientHello1 in the cookie, rather than requiring it to export the entire intermediate hash state (see {{cookie}}). -For concreteness, the transcript hash is always taken from the +Unless specified otherwise, the transcript hash is always taken from the following sequence of handshake messages, starting at the first ClientHello and including only those messages that were sent: ClientHello, HelloRetryRequest, ClientHello, ServerHello, @@ -3003,6 +3004,11 @@ EncryptedExtensions, server CertificateRequest, server Certificate, server CertificateVerify, server Finished, EndOfEarlyData, client Certificate, client CertificateVerify, and client Finished. +Unless specified otherwise, the messages in the transcript hash are +always taken as sent or received by the endpoint without any processing. +This helps to detect any modifications to ensure the integrity of +messages. + In general, implementations can implement the transcript by keeping a running transcript hash value based on the negotiated hash. Note, however, that subsequent post-handshake authentications do not include From 0dee57b05790e95bcac5172ecb734f0d3707488a Mon Sep 17 00:00:00 2001 From: muhammad-usama-sardar <12mseemsardar@seecs.edu.pk> Date: Thu, 12 Feb 2026 09:56:08 +0100 Subject: [PATCH 2/2] revert changes in first para --- draft-ietf-tls-rfc8446bis.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md index 8fbc647d..2bea6768 100644 --- a/draft-ietf-tls-rfc8446bis.md +++ b/draft-ietf-tls-rfc8446bis.md @@ -2973,8 +2973,7 @@ for each scenario: Many of the cryptographic computations in TLS make use of a transcript hash. This value is computed by hashing the concatenation of -each included handshake message , -including the handshake +each included handshake message, including the handshake message header carrying the handshake message type and length fields, but not including record layer headers. I.e.,