RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018

Errata ID: 6124
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ben Smyth
Date Reported: 2020-04-24

Section 2 says:

   In the Key Exchange phase, the client sends the ClientHello                  
   (Section 4.1.2) message, which contains a random nonce                       
   (ClientHello.random); its offered protocol versions; a list of               
   symmetric cipher/HKDF hash pairs; either a set of Diffie-Hellman key         
   shares (in the "key_share" (Section 4.2.8) extension), a set of              
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)              
   extension), or both; and potentially additional extensions.   

It should say:

   In the Key Exchange phase, the client sends the ClientHello                  
   (Section 4.1.2) message, which contains a random nonce                       
   (ClientHello.random); its offered protocol versions; a list of               
   symmetric cipher/Hash algorithm pairs; either a set of Diffie-Hellman key         
   shares (in the "key_share" (Section 4.2.8) extension), a set of              
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)              
   extension), or both; and potentially additional extensions.   

or

   In the Key Exchange phase, the client sends the ClientHello                  
   (Section 4.1.2) message, which contains a random nonce                       
   (ClientHello.random); its offered protocol versions; a list of               
   symmetric cipher/Hash algorithm (to be used with HKDF) pairs; either a set of Diffie-Hellman key         
   shares (in the "key_share" (Section 4.2.8) extension), a set of              
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)              
   extension), or both; and potentially additional extensions.   

Report New Errata