keyshare

About this tag
The keyshare tag on WindowsForum.com covers discussions about TLS 1.3 key exchange mechanisms, particularly the key_share extension used during handshakes. Recent content highlights a bug designated CVE-2026-2673, where an OpenSSL server may select an unexpected key-agreement group in a HelloRetryRequest, leading to interoperability failures. This issue involves unsupported groups being placed into the key_share exchange, causing handshake failures for clients. The tag also references related CVEs in other TLS stacks, emphasizing the importance of correct key_share handling for secure and compatible TLS 1.3 implementations.
  1. TLS 1.3 HRR Key Share Bug CVE-2026-2673: Interop Failures and Fixes

    A subtle but consequential TLS 1.3 implementation issue is circulating under the label CVE-2026-2673 — described as an OpenSSL behavior in which a TLS 1.3 server can select an unexpected key‑agreement group (and even place an unsupported group into the HelloRetryRequest/key_share exchange)...