path: root/src/lib/libssl/tls13_buffer.c
author: tb <> 2020-03-06 16:31:30 +0000
committer: tb <> 2020-03-06 16:31:30 +0000
commit: 6326e46ece7f938469b33d5f69c4d12688618e6e
tree: a651d369793dfeaba4db323fa66c76dc4b761c94 /src/lib/libssl/tls13_buffer.c
parent: 26ef5580166bc8d9119f867542fa40e12a4b18a4
TLSv1.3 servers that intend to downgrade are required to set the last
eight bytes of the server's random to a magic cookie (RFC 8446, 4.1.3).
The TLSv1.3 spec changes the TLSv1.2 spec in that it recommends that
TLSv1.2 servers that negotiate TLSv1.1 or below do the same. This gives
a limited additional protection against downgrade attacks beyond what is
already present in the Finished exchange.

The TLSv1.3 part was already implemented in Hobart and can be trivially
modified to do the TLSv1.2 bit as well.

ok inoguchi, jsing
Diffstat (limited to 'src/lib/libssl/tls13_buffer.c')
0 files changed, 0 insertions, 0 deletions
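
The cookie rule from the commit message, as an added example (not the LibreSSL code from this commit): the server picks the RFC 8446, 4.1.3 value for the version it negotiates, and a client rejects a ServerHello whose random ends in it. All macro and function names are hypothetical, and the client-side check follows RFC 8446, 4.1.3 rather than anything shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wire values of ProtocolVersion; macro and function names are hypothetical. */
#define VER_TLS1_1 0x0302
#define VER_TLS1_2 0x0303
#define VER_TLS1_3 0x0304
#define RANDOM_LEN 32
#define MARK_LEN 8

/* RFC 8446, 4.1.3: "DOWNGRD" followed by 0x01 (TLSv1.2) or 0x00 (TLSv1.1 or below). */
static const uint8_t mark_tls12[MARK_LEN] = { 'D','O','W','N','G','R','D', 0x01 };
static const uint8_t mark_tls11[MARK_LEN] = { 'D','O','W','N','G','R','D', 0x00 };

/* Cookie a server with highest version server_max must send, or NULL for none. */
const uint8_t *downgrade_mark(uint16_t server_max, uint16_t negotiated)
{
	if (server_max >= VER_TLS1_3 && negotiated == VER_TLS1_2)
		return mark_tls12;
	if (server_max >= VER_TLS1_2 && negotiated <= VER_TLS1_1)
		return mark_tls11;
	return NULL;
}

/* Client check on ServerHello.random: 1 means abort with illegal_parameter. */
int client_sees_downgrade(const uint8_t *random, uint16_t client_max, uint16_t negotiated)
{
	const uint8_t *tail = random + RANDOM_LEN - MARK_LEN;
	int has12 = memcmp(tail, mark_tls12, MARK_LEN) == 0;
	int has11 = memcmp(tail, mark_tls11, MARK_LEN) == 0;

	if (client_max >= VER_TLS1_3 && negotiated <= VER_TLS1_2)
		return has12 || has11;
	if (client_max == VER_TLS1_2 && negotiated <= VER_TLS1_1)
		return has11;
	return 0;
}

/* One handshake: the server fills its random, stamps the cookie, the client checks. */
int simulate(uint16_t server_max, uint16_t client_max, uint16_t negotiated)
{
	uint8_t random[RANDOM_LEN];
	const uint8_t *mark = downgrade_mark(server_max, negotiated);

	memset(random, 0xA5, sizeof(random)); /* constructed stand-in for random bytes */
	if (mark != NULL)
		memcpy(random + RANDOM_LEN - MARK_LEN, mark, MARK_LEN);
	return client_sees_downgrade(random, client_max, negotiated);
}
```

A TLSv1.2-only client that legitimately negotiates TLSv1.2 with a TLSv1.3 server still receives the `0x01` cookie and ignores it, which is why the check depends on the client's own highest version.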