<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] or Hello Retry Request is a [TLS 1.3] message sent by the [server] will send this message in response to a [ClientHello] message if it is able to find an acceptable set of parameters but the [ClientHello] does __not__ contain sufficient information to proceed with the [TLS Handshake].

   Structure of this message:
%%prettify 
{{{
      struct {
          ProtocolVersion server_version;
          CipherSuite cipher_suite;
          Extension extensions&lt;2..2^16-1&gt;;
      } HelloRetryRequest;
}}} /%

The version, [cipher_suite], and [extensions|TLS extension] fields have the same meanings as their corresponding values in the [ServerHello].  The server [SHOULD] send only the [extensions|TLS extension] necessary for the [client] to
   generate a correct [ClientHello] pair.  As with [ServerHello], a [{$pagename}] [MUST NOT] contain any extensions that were not first offered by the [client] in its [ClientHello], with the exception of optionally the &quot;cookie&quot; (see Section 4.2.2) extension.

Upon receipt of a  [{$pagename}], the [client] [MUST] verify that the extensions block is not empty and otherwise [MUST] abort the [TLS Handshake] with a &quot;[decode_error]&quot; alert.  [Clients] [MUST] abort the [TLS Handshake] with an &quot;[illegal_parameter]&quot; alert if the  [{$pagename}] would not result in any change in the [ClientHello].  If a [client] receives a second  [{$pagename}] in the same connection (i.e., where the  [ClientHello] was itself in response to a  [{$pagename}]), it [MUST] abort the handshake with an &quot;[unexpected_message]&quot; alert.

Otherwise, the client [MUST] process all [extensions|TLS extension] in the  [{$pagename}] and send a second updated [ClientHello].  The  [{$pagename}] extensions defined in this specification are:
* cookie (see Section 4.2.2)
* key_share (see Section 4.2.7)

In addition, in its updated [ClientHello], the client [SHOULD NOT] offer any pre-shared keys associated with a hash other than that of the selected cipher suite.  This allows the client to avoid having to compute partial hash transcripts for multiple hashes in the second [ClientHello].  A [client] which receives a cipher suite that was not offered [MUST] abort the handshake.  Servers MUST ensure that they negotiate the same cipher suite when receiving a conformant updated [ClientHello] (if the server selects the cipher suite as the first step in the negotiation, then this will happen automatically).  Upon receiving the [ServerHello], clients [MUST] check that the cipher suite supplied in the [ServerHello] is the same as that in the [{$pagename}] and otherwise abort the handshake with an &quot;[illegal_parameter]&quot; [TLS Alert Messages].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>