By design, our state machine is a DAG contrary to the state machine in - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2019-04-05 20:23:38 +0000
committer	tb <>	2019-04-05 20:23:38 +0000
commit	c2876e8ba1959b3e0627d20de447c1449f8294da (patch)
tree	6f5b00fafa4585971679b89854e3ba9289deccf5 /src/lib/libssl/ssl_versions.c
parent	a98b4eba250f598d6a0d68257edc1e04e6374565 (diff)
download	openbsd-c2876e8ba1959b3e0627d20de447c1449f8294da.tar.gz openbsd-c2876e8ba1959b3e0627d20de447c1449f8294da.tar.bz2 openbsd-c2876e8ba1959b3e0627d20de447c1449f8294da.zip

By design, our state machine is a DAG contrary to the state machine in

the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_versions.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: