Too many required hash updates in mtls TLS1.3 #5802

@maddeleine

Description

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

s2n_conn_update_required_handshake_hashes sets which hash algorithms we're required to keep updating with the handshake transcript throughout the TLS handshake. I don't think anyone has looked at this in years, but specifically for client auth, all hashes are required, which is like 8 different hash algorithms. It is expensive to update 8 hashes on every handshake message in the mtls case.

Solution:

In TLS1.3 the hash on the ciphersuite is used to do the transcript hash. So only one hash is required once you know the protocol is TLS1.3, even in the client auth case. Note that this is not the case in TLS1.2 mutual auth, which allowed the client to choose their own hash algorithm for the transcript hash.

Requirements / Acceptance Criteria:

Benchmarks should show reduction in mtls handshake latency in the TLS1.3 case.
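An added Python model of the hash-selection policy described in this issue (this is illustration code, not s2n's `s2n_conn_update_required_handshake_hashes` or any other s2n code). The candidate hash list, the handshake message names and the `required_hashes` / `Transcript` helpers are all constructed for the example; the point it shows is that once TLS1.3 is negotiated the running transcript needs only the cipher suite's hash even with client auth, while TLS1.2 client auth must keep every candidate running until the client's CertificateVerify reveals its choice, and that the per-message update count scales with the size of that set.

```python
import hashlib

# Constructed candidate set. s2n's real list is not reproduced here; the
# point is only that several algorithms compete, so any hashlib names work.
ALL_HASHES = ("sha1", "sha224", "sha256", "sha384", "sha512")


def required_hashes(version, client_auth, suite_hash):
    """Return the hash names that must keep absorbing the transcript.

    TLS 1.3: the transcript hash is always the negotiated cipher suite's
    hash (RFC 8446 section 4.4.1), so one hash is enough even with client
    auth. TLS 1.2 with client auth: the client may sign CertificateVerify
    with any hash the server offered in CertificateRequest, and that hash
    is applied to the whole transcript (RFC 5246 section 7.4.8), so every
    candidate must keep running until the client's choice arrives.
    TLS 1.2 without client auth: only the suite hash (PRF / Finished).
    """
    if version == "TLS1.3":
        return {suite_hash}
    if client_auth:
        return set(ALL_HASHES)
    return {suite_hash}


class Transcript:
    """Running transcript hashes, updated on every handshake message."""

    def __init__(self, required):
        self.states = {name: hashlib.new(name) for name in required}
        self.updates = 0  # individual hash-update calls performed
        self.raw = b""    # full transcript, kept for cross-checking

    def update(self, message):
        self.raw += message
        for state in self.states.values():
            state.update(message)
            self.updates += 1

    def digest(self, name):
        return self.states[name].digest()


# Constructed client-auth handshake flight. Bodies are placeholder names,
# not real TLS encodings, and the same list is fed to both versions because
# only the number of per-message hash updates matters here.
MTLS_MESSAGES = [
    b"ClientHello", b"ServerHello", b"EncryptedExtensions",
    b"CertificateRequest", b"Certificate", b"CertificateVerify",
    b"Finished", b"ClientCertificate", b"ClientCertificateVerify",
    b"ClientFinished",
]


def simulate(version, client_auth, suite_hash="sha256"):
    """Drive the whole flight through the hashes the policy requires."""
    transcript = Transcript(required_hashes(version, client_auth, suite_hash))
    for message in MTLS_MESSAGES:
        transcript.update(message)
    return transcript


def reference_transcript_hash(name):
    """Hash of the whole transcript in one shot, for verification."""
    return hashlib.new(name, b"".join(MTLS_MESSAGES)).digest()


if __name__ == "__main__":
    t13 = simulate("TLS1.3", client_auth=True, suite_hash="sha384")
    t12 = simulate("TLS1.2", client_auth=True, suite_hash="sha256")
    print("TLS1.3 mTLS hash updates:", t13.updates)   # one per message
    print("TLS1.2 mTLS hash updates:", t12.updates)   # len(ALL_HASHES) per message
    assert t13.digest("sha384") == reference_transcript_hash("sha384")
```

Running it prints 10 updates for the TLS1.3 case against 50 for TLS1.2 client auth with this five-entry candidate list; with a larger real list the gap grows proportionally, which is the latency the benchmark in the acceptance criteria should surface. The cross-check at the end confirms that dropping the other hashes loses nothing in TLS1.3: the single running state equals the cipher suite hash over the full transcript.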
