tttls1.3 0.2.19 → 0.3.0

data/lib/tttls1.3/connection.rb

@@ -5,6 +5,9 @@ module TTTLS13
   INITIAL = 0
   EOF     = -1
 
+  SUPPORTED_ECHCONFIG_VERSIONS = ["\xfe\x0d"].freeze
+  private_constant :SUPPORTED_ECHCONFIG_VERSIONS
+
   # rubocop: disable Metrics/ClassLength
   class Connection
     include Logging

data/lib/tttls1.3/cryptograph/aead.rb

@@ -45,7 +45,7 @@ module TTTLS13
       # @return [String]
       def encrypt(content, type)
         cipher = reset_cipher
-        plaintext = content + type + "\x00" * @length_of_padding
+        plaintext = content + type + @length_of_padding.zeros
         cipher.auth_data = additional_data(plaintext.length)
         encrypted_data = cipher.update(plaintext) + cipher.final
         @sequence_number.succ

data/lib/tttls1.3/error.rb

@@ -10,7 +10,7 @@ module TTTLS13
     class ConfigError < Error; end
 
     # Raised on received Error Alerts message or invalid message.
-    # https://tools.ietf.org/html/rfc8446#section-6.2
+    # https://datatracker.ietf.org/doc/html/rfc8446#section-6.2
     # Terminated the connection, so you *cannot* recover from this exception.
     class ErrorAlerts < Error
       # @return [TTTLS13::Message::Alert]

data/lib/tttls1.3/hpke.rb

@@ -0,0 +1,91 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  # NOTE: Hpke module is the adapter for ech_config using hpke-rb.
+  module Hpke
+    module KemId
+      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kem-ids
+      P_256_SHA256  = 0x0010
+      P_384_SHA384  = 0x0011
+      P_521_SHA512  = 0x0012
+      X25519_SHA256 = 0x0020
+      X448_SHA512   = 0x0021
+    end
+
+    def self.kem_id2dhkem(kem_id)
+      case kem_id
+      when KemId::P_256_SHA256
+        %i[p_256 sha256]
+      when KemId::P_384_SHA384
+        %i[p_384 sha384]
+      when KemId::P_521_SHA512
+        %i[p_521 sha512]
+      when KemId::X25519_SHA256
+        %i[x25519 sha256]
+      when KemId::X448_SHA512
+        %i[x448 sha512]
+      end
+    end
+
+    def self.kem_curve_name2dhkem(kem_curve_name)
+      case kem_curve_name
+      when :p_256
+        HPKE::DHKEM::EC::P_256
+      when :p_384
+        HPKE::DHKEM::EC::P_384
+      when :p_521
+        HPKE::DHKEM::EC::P_521
+      when :x25519
+        HPKE::DHKEM::X25519
+      when :x448
+        HPKE::DHKEM::X448
+      end
+    end
+
+    module KdfId
+      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kdf-ids
+      HKDF_SHA256 = 0x0001
+      HKDF_SHA384 = 0x0002
+      HKDF_SHA512 = 0x0003
+    end
+
+    def self.kdf_id2kdf_hash(kdf_id)
+      case kdf_id
+      when KdfId::HKDF_SHA256
+        :sha256
+      when KdfId::HKDF_SHA384
+        :sha384
+      when KdfId::HKDF_SHA512
+        :sha512
+      end
+    end
+
+    module AeadId
+      # https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-aead-ids
+      AES_128_GCM       = 0x0001
+      AES_256_GCM       = 0x0002
+      CHACHA20_POLY1305 = 0x0003
+    end
+
+    def self.aead_id2overhead_len(aead_id)
+      case aead_id
+      when AeadId::AES_128_GCM, AeadId::CHACHA20_POLY1305
+        16
+      when AeadId::AES_256_GCM
+        32
+      end
+    end
+
+    def self.aead_id2aead_cipher(aead_id)
+      case aead_id
+      when AeadId::AES_128_GCM
+        :aes_128_gcm
+      when AeadId::AES_256_GCM
+        :aes_256_gcm
+      when AeadId::CHACHA20_POLY1305
+        :chacha20_poly1305
+      end
+    end
+  end
+end

data/lib/tttls1.3/key_schedule.rb

@@ -14,14 +14,14 @@ module TTTLS13
       @hash_len = CipherSuite.hash_len(cipher_suite)
       @key_len = CipherSuite.key_len(cipher_suite)
       @iv_len = CipherSuite.iv_len(cipher_suite)
-      @psk = psk || "\x00" * @hash_len
+      @psk = psk || @hash_len.zeros
       @shared_secret = shared_secret
       @transcript = transcript
     end
 
     # @return [String]
     def early_salt
-      "\x00" * @hash_len
+      @hash_len.zeros
     end
 
     # @return [String]
@@ -155,7 +155,7 @@ module TTTLS13
 
     # @return [String]
     def main_secret
-      ikm = "\x00" * @hash_len
+      ikm = @hash_len.zeros
       hkdf_extract(ikm, main_salt)
     end
 
@@ -273,6 +273,74 @@ module TTTLS13
     def derive_secret(secret, label, context)
       self.class.hkdf_expand_label(secret, label, context, @hash_len, @digest)
     end
+
+    # @return [String]
+    def accept_confirmation
+      ch_inner_random = @transcript[CH].first.random
+      sh = @transcript[SH].first
+      sh = Message::ServerHello.new(
+        random: sh.random[...-8] + 8.zeros,
+        legacy_session_id_echo: sh.legacy_session_id_echo,
+        cipher_suite: sh.cipher_suite,
+        extensions: sh.extensions
+      )
+      transcript = @transcript.clone
+      transcript[SH] = [sh, sh.serialize]
+      transcript_ech_conf = transcript.hash(@digest, SH)
+
+      self.class.hkdf_expand_label(
+        hkdf_extract(ch_inner_random, ''),
+        'ech accept confirmation',
+        transcript_ech_conf,
+        8,
+        @digest
+      )
+    end
+
+    # @return [Boolean]
+    def accept_ech?
+      accept_confirmation == @transcript[SH].first.random[-8..]
+    end
+
+    # @return [String]
+    def hrr_accept_confirmation
+      ch1_inner_random = @transcript[CH1].first.random
+      hrr = @transcript[HRR].first
+      ech = Message::Extension::ECHHelloRetryRequest.new("\x00" * 8)
+      hrr = Message::ServerHello.new(
+        random: hrr.random,
+        legacy_session_id_echo: hrr.legacy_session_id_echo,
+        cipher_suite: hrr.cipher_suite,
+        extensions: hrr.extensions.merge(
+          Message::ExtensionType::ENCRYPTED_CLIENT_HELLO => ech
+        )
+      )
+
+      # It then computes the transcript hash for the first ClientHelloInner,
+      # denoted ClientHelloInner1, up to and including the modified
+      # HelloRetryRequest.
+      #
+      # https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-17#section-7.2.1-2
+      transcript = @transcript.clone
+      transcript[HRR] = [hrr, hrr.serialize]
+      transcript_hrr_ech_conf = transcript.hash(@digest, HRR)
+
+      self.class.hkdf_expand_label(
+        hkdf_extract(ch1_inner_random, ''),
+        'hrr ech accept confirmation',
+        transcript_hrr_ech_conf,
+        8,
+        @digest
+      )
+    end
+
+    # @return [Boolean]
+    def hrr_accept_ech?
+      hrr_ech = @transcript[HRR]
+                .first
+                .extensions[Message::ExtensionType::ENCRYPTED_CLIENT_HELLO]
+      hrr_accept_confirmation == hrr_ech.confirmation
+    end
   end
   # rubocop: enable Metrics/ClassLength
 end

data/lib/tttls1.3/message/alert.rb

@@ -36,7 +36,8 @@ module TTTLS13
       bad_certificate_status_response: "\x71",
       unknown_psk_identity:            "\x73",
       certificate_required:            "\x74",
-      no_application_protocol:         "\x78"
+      no_application_protocol:         "\x78",
+      ech_required:                    "\x79"
     }.freeze
     # rubocop: enable Layout/HashAlignment
 

data/lib/tttls1.3/message/client_hello.rb

@@ -31,7 +31,8 @@ module TTTLS13
       ExtensionType::CERTIFICATE_AUTHORITIES,
       ExtensionType::POST_HANDSHAKE_AUTH,
       ExtensionType::SIGNATURE_ALGORITHMS_CERT,
-      ExtensionType::KEY_SHARE
+      ExtensionType::KEY_SHARE,
+      ExtensionType::ENCRYPTED_CLIENT_HELLO
     ].freeze
     private_constant :APPEARABLE_CH_EXTENSIONS
 

data/lib/tttls1.3/message/encrypted_extensions.rb

@@ -15,7 +15,8 @@ module TTTLS13
       ExtensionType::CLIENT_CERTIFICATE_TYPE,
       ExtensionType::SERVER_CERTIFICATE_TYPE,
       ExtensionType::RECORD_SIZE_LIMIT,
-      ExtensionType::EARLY_DATA
+      ExtensionType::EARLY_DATA,
+      ExtensionType::ENCRYPTED_CLIENT_HELLO
     ].freeze
     private_constant :APPEARABLE_EE_EXTENSIONS
 

data/lib/tttls1.3/message/extension/alpn.rb

@@ -19,7 +19,7 @@ module TTTLS13
         # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
         def initialize(protocol_name_list)
           @extension_type \
-          = ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+            = ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
           @protocol_name_list = protocol_name_list || []
           raise Error::ErrorAlerts, :internal_error \
             if @protocol_name_list.empty?
@@ -27,10 +27,9 @@ module TTTLS13
 
         # @return [String]
         def serialize
-          binary = @protocol_name_list
-                   .map(&:prefix_uint8_length)
-                   .join
-                   .prefix_uint16_length
+          binary = @protocol_name_list.map(&:prefix_uint8_length)
+                                      .join
+                                      .prefix_uint16_length
 
           @extension_type + binary.prefix_uint16_length
         end

data/lib/tttls1.3/message/extension/compress_certificate.rb

@@ -11,7 +11,7 @@ module TTTLS13
         # ZSTD   = "\x00\x03" # UNSUPPORTED
       end
 
-      # https://tools.ietf.org/html/rfc8879
+      # https://datatracker.ietf.org/doc/html/rfc8879
       class CompressCertificate
         attr_reader :extension_type
         attr_reader :algorithms

data/lib/tttls1.3/message/extension/ech.rb

@@ -0,0 +1,241 @@
+# encoding: ascii-8bit
+# frozen_string_literal: true
+
+module TTTLS13
+  using Refinements
+  HpkeSymmetricCipherSuite = \
+    ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
+  module Message
+    module Extension
+      module ECHClientHelloType
+        OUTER = "\x00"
+        INNER = "\x01"
+      end
+
+      # NOTE:
+      #     struct {
+      #         ECHClientHelloType type;
+      #         select (ECHClientHello.type) {
+      #             case outer:
+      #                 HpkeSymmetricCipherSuite cipher_suite;
+      #                 uint8 config_id;
+      #                 opaque enc<0..2^16-1>;
+      #                 opaque payload<1..2^16-1>;
+      #             case inner:
+      #                 Empty;
+      #         };
+      #     } ECHClientHello;
+      class ECHClientHello
+        attr_accessor :extension_type
+        attr_accessor :type
+        attr_accessor :cipher_suite
+        attr_accessor :config_id
+        attr_accessor :enc
+        attr_accessor :payload
+
+        # @param type [TTTLS13::Message::Extension::ECHClientHelloType]
+        # @param cipher_suite [HpkeSymmetricCipherSuite]
+        # @param config_id [Integer]
+        # @param enc [String]
+        # @param payload [String]
+        def initialize(type:,
+                       cipher_suite: nil,
+                       config_id: nil,
+                       enc: nil,
+                       payload: nil)
+          @extension_type = ExtensionType::ENCRYPTED_CLIENT_HELLO
+          @type = type
+          @cipher_suite = cipher_suite
+          raise Error::ErrorAlerts, :internal_error \
+            if @type == ECHClientHelloType::OUTER && \
+               !@cipher_suite.is_a?(HpkeSymmetricCipherSuite)
+
+          @config_id = config_id
+          @enc = enc
+          @payload = payload
+        end
+
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [String]
+        def serialize
+          case @type
+          when ECHClientHelloType::OUTER
+            binary = @type + @cipher_suite.encode + @config_id.to_uint8 \
+                     + @enc.prefix_uint16_length + @payload.prefix_uint16_length
+          when ECHClientHelloType::INNER
+            binary = @type
+          else
+            raise Error::ErrorAlerts, :internal_error
+          end
+
+          @extension_type + binary.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::ECHClientHello]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :internal_error \
+            if binary.nil? || binary.empty?
+
+          case binary[0]
+          when ECHClientHelloType::OUTER
+            return deserialize_outer_ech(binary[1..])
+          when ECHClientHelloType::INNER
+            return deserialize_inner_ech(binary[1..])
+          end
+
+          raise Error::ErrorAlerts, :internal_error
+        end
+
+        class << self
+          private
+
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [TTTLS13::Message::Extensions::ECHClientHello]
+          def deserialize_outer_ech(binary)
+            raise Error::ErrorAlerts, :internal_error \
+              if binary.nil? || binary.length < 5
+
+            kdf_id = \
+              HpkeSymmetricCipherSuite::HpkeKdfId.decode(binary.slice(0, 2))
+            aead_id = \
+              HpkeSymmetricCipherSuite::HpkeAeadId.decode(binary.slice(2, 2))
+            cs = HpkeSymmetricCipherSuite.new(kdf_id, aead_id)
+            cid = Convert.bin2i(binary.slice(4, 1))
+            enc_len = Convert.bin2i(binary.slice(5, 2))
+            i = 7
+            raise Error::ErrorAlerts, :internal_error \
+              if i + enc_len > binary.length
+
+            enc = binary.slice(i, enc_len)
+            i += enc_len
+            raise Error::ErrorAlerts, :internal_error \
+              if i + 2 > binary.length
+
+            payload_len = Convert.bin2i(binary.slice(i, 2))
+            raise Error::ErrorAlerts, :internal_error \
+              if i + payload_len > binary.length
+
+            payload = binary.slice(i, payload_len)
+            ECHClientHello.new(
+              type: ECHClientHelloType::OUTER,
+              cipher_suite: cs,
+              config_id: cid,
+              enc: enc,
+              payload: payload
+            )
+          end
+
+          # @param binary [String]
+          #
+          # @raise [TTTLS13::Error::ErrorAlerts]
+          #
+          # @return [TTTLS13::Message::Extensions::ECHClientHello]
+          def deserialize_inner_ech(binary)
+            raise Error::ErrorAlerts, :internal_error unless binary.empty?
+
+            ECHClientHello.new(type: ECHClientHelloType::INNER)
+          end
+        end
+
+        # @return [TTTLS13::Message::Extensions::ECHClientHello]
+        def self.new_inner
+          ECHClientHello.new(type: ECHClientHelloType::INNER)
+        end
+
+        # @param cipher_suite [HpkeSymmetricCipherSuite]
+        # @param config_id [Integer]
+        # @param enc [String]
+        # @param payload [String]
+        #
+        # @return [TTTLS13::Message::Extensions::ECHClientHello]
+        def self.new_outer(cipher_suite:, config_id:, enc:, payload:)
+          ECHClientHello.new(
+            type: ECHClientHelloType::OUTER,
+            cipher_suite: cipher_suite,
+            config_id: config_id,
+            enc: enc,
+            payload: payload
+          )
+        end
+      end
+
+      # NOTE:
+      #     struct {
+      #         ECHConfigList retry_configs;
+      #     } ECHEncryptedExtensions;
+      class ECHEncryptedExtensions
+        attr_accessor :extension_type
+        attr_accessor :retry_configs
+
+        # @param retry_configs [Array of ECHConfig]
+        def initialize(retry_configs)
+          @extension_type = ExtensionType::ENCRYPTED_CLIENT_HELLO
+          @retry_configs = retry_configs
+        end
+
+        # @return [String]
+        def serialize
+          @extension_type + @retry_configs.map(&:encode)
+                                          .join
+                                          .prefix_uint16_length
+                                          .prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::ECHEncryptedExtensions]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :decode_error \
+            if binary.nil? ||
+               binary.length != binary.slice(0, 2).unpack1('n') + 2
+
+          ECHEncryptedExtensions.new(
+            ECHConfig.decode_vectors(binary.slice(2..))
+          )
+        end
+      end
+
+      # NOTE:
+      #     struct {
+      #         opaque confirmation[8];
+      #     } ECHHelloRetryRequest;
+      class ECHHelloRetryRequest
+        attr_accessor :extension_type
+        attr_accessor :confirmation
+
+        # @param confirmation [String]
+        def initialize(confirmation)
+          @extension_type = ExtensionType::ENCRYPTED_CLIENT_HELLO
+          @confirmation = confirmation
+        end
+
+        # @return [String]
+        def serialize
+          @extension_type + @confirmation.prefix_uint16_length
+        end
+
+        # @param binary [String]
+        #
+        # @raise [TTTLS13::Error::ErrorAlerts]
+        #
+        # @return [TTTLS13::Message::Extensions::ECHHelloRetryRequest]
+        def self.deserialize(binary)
+          raise Error::ErrorAlerts, :decode_error \
+            if binary.nil? || binary.length != 8
+
+          ECHHelloRetryRequest.new(binary)
+        end
+      end
+    end
+  end
+end

data/lib/tttls1.3/message/extension/server_name.rb

@@ -15,7 +15,7 @@ module TTTLS13
       #
       # 00 00 00 00
       #
-      # https://tools.ietf.org/html/rfc6066#section-3
+      # https://datatracker.ietf.org/doc/html/rfc6066#section-3
       class ServerName
         attr_reader :extension_type
         attr_reader :server_name

data/lib/tttls1.3/message/extensions.rb

@@ -7,6 +7,7 @@ Dir[File.dirname(__FILE__) + '/extension/*.rb'].sort.each { |f| require f }
 module TTTLS13
   using Refinements
   module Message
+    # rubocop: disable Metrics/ClassLength
     class Extensions < Hash
       # @param extensions [Array of TTTLS13::Message::Extension::$Object]
       #
@@ -119,6 +120,7 @@ module TTTLS13
         # @raise [TTTLS13::Error::ErrorAlerts]
         #
         # @return [TTTLS13::Message::Extension::$Object, nil]
+        # rubocop: disable Metrics/AbcSize
         # rubocop: disable Metrics/CyclomaticComplexity
         # rubocop: disable Metrics/MethodLength
         # rubocop: disable Metrics/PerceivedComplexity
@@ -130,14 +132,12 @@ module TTTLS13
             Extension::ServerName.deserialize(binary)
           when ExtensionType::STATUS_REQUEST
             if msg_type == HandshakeType::CLIENT_HELLO
-              return Extension::OCSPStatusRequest.deserialize(binary)
+              Extension::OCSPStatusRequest.deserialize(binary)
+            elsif msg_type == HandshakeType::CERTIFICATE
+              Extension::OCSPResponse.deserialize(binary)
+            else
+              Extension::UnknownExtension.deserialize(binary, extension_type)
             end
-
-            if msg_type == HandshakeType::CERTIFICATE
-              return Extension::OCSPResponse.deserialize(binary)
-            end
-
-            Extension::UnknownExtension.deserialize(binary, extension_type)
           when ExtensionType::SUPPORTED_GROUPS
             Extension::SupportedGroups.deserialize(binary)
           when ExtensionType::SIGNATURE_ALGORITHMS
@@ -162,14 +162,27 @@ module TTTLS13
             Extension::SignatureAlgorithmsCert.deserialize(binary)
           when ExtensionType::KEY_SHARE
             Extension::KeyShare.deserialize(binary, msg_type)
+          when ExtensionType::ENCRYPTED_CLIENT_HELLO
+            case msg_type
+            when HandshakeType::CLIENT_HELLO
+              Extension::ECHClientHello.deserialize(binary)
+            when HandshakeType::ENCRYPTED_EXTENSIONS
+              Extension::ECHEncryptedExtensions.deserialize(binary)
+            when HandshakeType::HELLO_RETRY_REQUEST
+              Extension::ECHHelloRetryRequest.deserialize(binary)
+            else
+              Extension::UnknownExtension.deserialize(binary, extension_type)
+            end
           else
             Extension::UnknownExtension.deserialize(binary, extension_type)
           end
         end
+        # rubocop: enable Metrics/AbcSize
         # rubocop: enable Metrics/CyclomaticComplexity
         # rubocop: enable Metrics/MethodLength
         # rubocop: enable Metrics/PerceivedComplexity
       end
     end
+    # rubocop: enable Metrics/ClassLength
   end
 end

data/lib/tttls1.3/message/record.rb

@@ -3,7 +3,7 @@
 module TTTLS13
   using Refinements
   module Message
-    # https://tools.ietf.org/html/rfc8449#section-4
+    # https://datatracker.ietf.org/doc/html/rfc8449#section-4
     DEFAULT_RECORD_SIZE_LIMIT = 2**14 + 1
 
     # rubocop: disable Metrics/ClassLength

data/lib/tttls1.3/message/server_hello.rb

@@ -17,7 +17,8 @@ module TTTLS13
       ExtensionType::COOKIE,
       ExtensionType::PASSWORD_SALT,
       ExtensionType::SUPPORTED_VERSIONS,
-      ExtensionType::KEY_SHARE
+      ExtensionType::KEY_SHARE,
+      ExtensionType::ENCRYPTED_CLIENT_HELLO
     ].freeze
     private_constant :APPEARABLE_HRR_EXTENSIONS
 
@@ -61,7 +62,6 @@ module TTTLS13
         @cipher_suite = cipher_suite
         @legacy_compression_method = legacy_compression_method
         @extensions = extensions
-        @hrr = (random == HRR_RANDOM)
       end
       # rubocop: enable Metrics/ParameterLists
 
@@ -108,10 +108,8 @@ module TTTLS13
         exs_bin = binary.slice(i, exs_len)
         if random == HRR_RANDOM
           msg_type = HandshakeType::HELLO_RETRY_REQUEST
-          @hrr = true
         else
           msg_type = HandshakeType::SERVER_HELLO
-          @hrr = false
         end
         extensions = Extensions.deserialize(exs_bin, msg_type)
         i += exs_len
@@ -132,7 +130,7 @@ module TTTLS13
 
       # @return [Boolean]
       def hrr?
-        @hrr
+        @random == HRR_RANDOM
       end
 
       # @return [Boolean]

data/lib/tttls1.3/message.rb

@@ -27,7 +27,7 @@ module TTTLS13
       HELLO_VERIFY_REQUEST   = "\x03" # RESERVED
       NEW_SESSION_TICKET     = "\x04"
       END_OF_EARLY_DATA      = "\x05"
-      HELLO_RETRY_REQUEST    = "\x06" # RESERVED
+      HELLO_RETRY_REQUEST    = "\x06"
       ENCRYPTED_EXTENSIONS   = "\x08"
       CERTIFICATE            = "\x0b"
       SERVER_KEY_EXCHANGE    = "\x0c" # RESERVED
@@ -72,6 +72,8 @@ module TTTLS13
       POST_HANDSHAKE_AUTH                    = "\x00\x31"
       SIGNATURE_ALGORITHMS_CERT              = "\x00\x32"
       KEY_SHARE                              = "\x00\x33"
+      # https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-17#section-11.1
+      ENCRYPTED_CLIENT_HELLO                 = "\xfe\x0d"
     end
 
     DEFINED_EXTENSIONS = ExtensionType.constants.map do |c|

data/lib/tttls1.3/named_group.rb

@@ -64,7 +64,7 @@ module TTTLS13
       # secp384r1   |               |   NIST P-384
       # secp521r1   |               |   NIST P-521
       #
-      # https://tools.ietf.org/html/rfc4492#appendix-A
+      # https://datatracker.ietf.org/doc/html/rfc4492#appendix-A
       #
       # @param groups [Array of TTTLS13::Message::Extension::NamedGroup]
       #

data/lib/tttls1.3/server.rb

@@ -136,7 +136,7 @@ module TTTLS13
     #                                v
     #                            CONNECTED
     #
-    # https://tools.ietf.org/html/rfc8446#appendix-A.2
+    # https://datatracker.ietf.org/doc/html/rfc8446#appendix-A.2
     #
     # rubocop: disable Metrics/AbcSize
     # rubocop: disable Metrics/BlockLength