TLSv1.3 servers that intend to downgrade are required to set the last - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-03-06 16:31:30 +0000
committer	tb <>	2020-03-06 16:31:30 +0000
commit	b45fe405c275184a592f345ffae87ebe84f526c9 (patch)
tree	a651d369793dfeaba4db323fa66c76dc4b761c94 /src/lib/libssl/ssl_clnt.c
parent	b112788885dac0be8d46296a88f6713f8e4fccd0 (diff)
download	openbsd-b45fe405c275184a592f345ffae87ebe84f526c9.tar.gz openbsd-b45fe405c275184a592f345ffae87ebe84f526c9.tar.bz2 openbsd-b45fe405c275184a592f345ffae87ebe84f526c9.zip

TLSv1.3 servers that intend to downgrade are required to set the last

eight bytes of the server's random to a magic cookie (RFC 8446, 4.1.3). The TLSv1.3 spec changes the TLSv1.2 spec in that it recommends that TLSv1.2 servers that negotiate TLSv1.1 or below do the same. This gives a limited additional protection against downgrade attacks beyond what is already present in the Finished exchange. The TLSv1.3 part was already implemented in Hobart and can be trivially modified to do the TLSv1.2 bit as well. ok inoguchi, jsing

Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: