summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls.c
diff options
context:
space:
mode:
authorjsing <>2020-05-23 12:14:52 +0000
committerjsing <>2020-05-23 12:14:52 +0000
commit376f7cd4ff57d86e2fe3810b425a9f667e8798ad (patch)
tree60cd63af02518263d04efd897d1ae75ecf39dbb3 /src/lib/libtls/tls.c
parentb7886785c522527763ee1154ed9eb1f384cb90fe (diff)
downloadopenbsd-376f7cd4ff57d86e2fe3810b425a9f667e8798ad.tar.gz
openbsd-376f7cd4ff57d86e2fe3810b425a9f667e8798ad.tar.bz2
openbsd-376f7cd4ff57d86e2fe3810b425a9f667e8798ad.zip
Enable SSL_MODE_AUTO_RETRY by default.
In TLSv1.2 and earlier, when an application goes to read application data, handshake messages may be received instead, when the peer has triggered renegotation. A similar thing occurs in TLSv1.3 when key updates are triggered or the server sends new session tickets. Due to the SSL_read() API there is no way to indicate that we got no application data, instead after processing the in-band handshake messages it would be normal to return SSL_ERROR_WANT_READ and have the caller call SSL_read() again. However, various applications expect SSL_read() to return with either application data or a fatal error, when used on a blocking socket. These applications do not play well with TLSv1.3 post-handshake handshake messages (PHH), as they fail to handle SSL_ERROR_WANT_READ. The same code is also broken in the case of a TLSv1.2 or older renegotiation, however these are less likely to be encountered. Such code should set SSL_MODE_AUTO_RETRY in order to avoid these issues. Contrary to the naming, SSL_MODE_AUTO_RETRY does not actually retry in every case - it retries following handshake messages in the application data stream (i.e. renegotiation and PHH messages). This works around the unretried SSL_read() on a blocking socket case, however in the case where poll/select is used with blocking sockets, the retry will likely result in the read blocking after the handshake messages are processed. Rather than pushing for broken code to be fixed, OpenSSL decided to enable SSL_MODE_AUTO_RETRY by default, instead breaking code that does poll or select on blocking sockets (like s_client and s_server). Unfortunately we get to follow suit. ok beck@ inoguchi@ tb@
Diffstat (limited to 'src/lib/libtls/tls.c')
0 files changed, 0 insertions, 0 deletions