Ignore the record version for early alerts - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-06-08 18:05:47 +0000
committer	tb <>	2021-06-08 18:05:47 +0000
commit	183dc316a669d210cf5f47b850a5fc7823c6443d (patch)
tree	baf0ce8b9a1d2566f342f9d10da1ff3691b0be7d /src/lib/libcrypto
parent	720abb9265f274966faea878c7359724d7a08ba6 (diff)
download	openbsd-183dc316a669d210cf5f47b850a5fc7823c6443d.tar.gz openbsd-183dc316a669d210cf5f47b850a5fc7823c6443d.tar.bz2 openbsd-183dc316a669d210cf5f47b850a5fc7823c6443d.zip

Ignore the record version for early alerts

On receiving the first flight from the peer, we do not yet know if we are using TLSv1.3. In particular, we might get an alert record with record version 0x0300 from a pre-TLSv1.2 peer in response to our client hello. Ignore the record version instead of sending a protocol version alert in that situtation. This may also be hit when talking to a LibreSSL 3.3 server with an illegal SNI. Part of an issue reported by danj. ok jsing

Diffstat (limited to 'src/lib/libcrypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: