Ignore the record version for early alerts - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-06-08 18:05:47 +0000
committer	tb <>	2021-06-08 18:05:47 +0000
commit	5e40361f52e569489bab5178da12a7f75baeec10 (patch)
tree	baf0ce8b9a1d2566f342f9d10da1ff3691b0be7d /src/lib/libssl/tls13_client.c
parent	b39ce482fae77d674aecee10501eac52e873ebca (diff)
download	openbsd-5e40361f52e569489bab5178da12a7f75baeec10.tar.gz openbsd-5e40361f52e569489bab5178da12a7f75baeec10.tar.bz2 openbsd-5e40361f52e569489bab5178da12a7f75baeec10.zip

Ignore the record version for early alerts

On receiving the first flight from the peer, we do not yet know if we are using TLSv1.3. In particular, we might get an alert record with record version 0x0300 from a pre-TLSv1.2 peer in response to our client hello. Ignore the record version instead of sending a protocol version alert in that situtation. This may also be hit when talking to a LibreSSL 3.3 server with an illegal SNI. Part of an issue reported by danj. ok jsing

Diffstat (limited to 'src/lib/libssl/tls13_client.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: