diff options
| author | jsing <> | 2020-05-11 17:49:46 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-11 17:49:46 +0000 |
| commit | 28b584ddd2d0a41bceacbb1c350d790e3a39cd75 (patch) | |
| tree | 493b8c6a329a99e4cf225e642760a3217adc86ee /src/lib/libssl/tls13_server.c | |
| parent | 7c5ba230fb08375f5c6d8d074afcf25d0fdb429c (diff) | |
| download | openbsd-28b584ddd2d0a41bceacbb1c350d790e3a39cd75.tar.gz openbsd-28b584ddd2d0a41bceacbb1c350d790e3a39cd75.tar.bz2 openbsd-28b584ddd2d0a41bceacbb1c350d790e3a39cd75.zip | |
Set the record layer legacy version from the TLSv1.3 server.
This will be used to handle record version checks.
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 1c286f573e..ec612df90e 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.45 2020/05/11 17:49:46 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -37,6 +37,8 @@ tls13_server_init(struct tls13_ctx *ctx) | |||
| 37 | if (!ssl_get_new_session(s, 0)) /* XXX */ | 37 | if (!ssl_get_new_session(s, 0)) /* XXX */ |
| 38 | return 0; | 38 | return 0; |
| 39 | 39 | ||
| 40 | tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); | ||
| 41 | |||
| 40 | if (!tls1_transcript_init(s)) | 42 | if (!tls1_transcript_init(s)) |
| 41 | return 0; | 43 | return 0; |
| 42 | 44 | ||
| @@ -183,6 +185,8 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 183 | if (s->method->internal->version < TLS1_3_VERSION) | 185 | if (s->method->internal->version < TLS1_3_VERSION) |
| 184 | return 1; | 186 | return 1; |
| 185 | 187 | ||
| 188 | tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); | ||
| 189 | |||
| 186 | /* | 190 | /* |
| 187 | * If a matching key share was provided, we do not need to send a | 191 | * If a matching key share was provided, we do not need to send a |
| 188 | * HelloRetryRequest. | 192 | * HelloRetryRequest. |