Provide a way to determine our maximum legacy version. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2021-10-23 14:40:54 +0000
committer	jsing <>	2021-10-23 14:40:54 +0000
commit	e225ef6f6dede36e99d00cc89f0ea8c7da355d25 (patch)
tree	ce6df35f3dc86483e4bf5fb3d4d1a4ada8d56b08 /src/lib/libssl/tls12_record_layer.c
parent	8df330f8ab4894190007c25d1efe71e7f5c58383 (diff)
download	openbsd-e225ef6f6dede36e99d00cc89f0ea8c7da355d25.tar.gz openbsd-e225ef6f6dede36e99d00cc89f0ea8c7da355d25.tar.bz2 openbsd-e225ef6f6dede36e99d00cc89f0ea8c7da355d25.zip

Provide a way to determine our maximum legacy version.

With the introduction of TLSv1.3, we need the ability to determine our maximum legacy version and to track our peer's maximum legacy version. This is needed for both the TLS record layer when using TLSv1.3, plus it is needed for RSA key exhange in TLS prior to TLSv1.3, where the maximum legacy version is incorporated in the pre-master secret to avoid downgrade attacks. This unbreaks RSA KEX for the TLS client when the non-version specific method is used with TLSv1.0 or TLSv1.1 (clearly no one does this). ok tb@

Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: