Send dummy ChangeCipherSpec messages from the TLSv1.3 server - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-05-10 17:13:30 +0000
committer	tb <>	2020-05-10 17:13:30 +0000
commit	42977f0c5dfb5d699fb459f527b85ca475cd30aa (patch)
tree	9b324a09d611e1d490ffe26c5e54d2031501ff81 /src/lib/libssl/tls13_lib.c
parent	986d1aef11f23f35017e61c5933913ff8e189d57 (diff)
download	openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.tar.gz openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.tar.bz2 openbsd-42977f0c5dfb5d699fb459f527b85ca475cd30aa.zip

Send dummy ChangeCipherSpec messages from the TLSv1.3 server

If the client has requested middle box compatibility mode by sending a non-empty legacy_session_id, the server must send a dummy CCS right after its first handshake message. This means right after ServerHello or HelloRetryRequest. Two important improvements over the backed-out diffr: make sure that First: client and server can send their dummy CCS at the correct moment (right before the next flight or right after the current flight). Second: as jsing noted, we also need to deal with the corner case that tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT. with/ok jsing

Diffstat (limited to 'src/lib/libssl/tls13_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: