Back out server side CCS sending. It breaks TLSv1.3 client communication

with TLSv1.2 servers, since it makes clients send their dummy CCS too
early...  There's an obvious but dirty bandaid which I can't bring myself
to applying - this business is already disgusting enough.

Issue found the hard way by sthen

1 files changed, 1 insertions, 24 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 5e2711d4d4..0b040fb51d 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.39 2020/05/09 16:43:05 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.40 2020/05/09 20:38:19 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -335,20 +335,6 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
 }
 
 int
-tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx)
-{
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if (ctx->hs->legacy_session_id_len > 0)
-                ctx->send_dummy_ccs = 1;
-
-        return 1;
-}
-
-int
 tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
         SSL *s = ctx->ssl;
@@ -382,15 +368,6 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 int
 tls13_server_hello_sent(struct tls13_ctx *ctx)
 {
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) &&
-            ctx->hs->legacy_session_id_len > 0)
-                ctx->send_dummy_ccs = 1;
-
         return tls13_server_engage_record_protection(ctx);
 }