Be stricter with middlebox compatibility mode in the TLSv1.3 server. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2022-09-11 14:39:44 +0000
committer	jsing <>	2022-09-11 14:39:44 +0000
commit	18e969fcaab4b90e355dfa70b51b5b8f82050f0b (patch)
tree	0b3acb08b7157ce938fb3a4b4f14dbaea5a166ad /src/lib/libssl/ssl_versions.c
parent	0ce983d909a52ac43f5a552e4fd367d06492b96f (diff)
download	openbsd-18e969fcaab4b90e355dfa70b51b5b8f82050f0b.tar.gz openbsd-18e969fcaab4b90e355dfa70b51b5b8f82050f0b.tar.bz2 openbsd-18e969fcaab4b90e355dfa70b51b5b8f82050f0b.zip

Be stricter with middlebox compatibility mode in the TLSv1.3 server.

Only allow a TLSv1.3 client to request middlebox compatibility mode if this is permitted. Ensure that the legacy session identifier is either zero length or 32 bytes in length. Additionally, only allow CCS messages on the server side if the client actually requested middlebox compatibility mode. ok tb@

Diffstat (limited to 'src/lib/libssl/ssl_versions.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: