Skip to main content

3.3.1. TLS Extension

3.3.1. TLS Extension

The SCT can be sent during the TLS handshake using a TLS extension with type "signed_certificate_timestamp".

Clients that support the extension SHOULD send a ClientHello extension with the appropriate type and empty "extension_data".

Servers MUST only send SCTs to clients who have indicated support for the extension in the ClientHello, in which case the SCTs are sent by setting the "extension_data" to a "SignedCertificateTimestampList".

Session resumption uses the original session information: clients SHOULD include the extension type in the ClientHello, but if the session is resumed, the server is not expected to process it or include the extension in the ServerHello.

Last updated on