author | jsing <> | 2022-09-11 14:33:07 +0000 |
---|---|---|
committer | jsing <> | 2022-09-11 14:33:07 +0000 |
commit | f89c54df88fa62477e4eb5d92a93a2dc346c6c03 (patch) | |
tree | b26aff081d10224d8e1af85ac3458a4e3f40a8d7 /src/lib | |
parent | 0e4a43263970930a73f26bc35df65ec5f1ad8166 (diff) | |
Only permit CCS messages if requesting middlebox compatibility mode.
Currently the TLSv1.3 client always permits the server to send CCS
messages. Be more strict and only permit this if the client is actually
requesting middlebox compatibility mode.
ok tb@
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libssl/tls13_client.c | 8 |
1 files changed, 4 insertions, 4 deletions
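--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.98 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.99 2022/09/11 14:33:07 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -148,12 +148,12 @@ tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 int
 tls13_client_hello_sent(struct tls13_ctx *ctx)
 {
-tls13_record_layer_allow_ccs(ctx->rl, 1);
-
 tls1_transcript_freeze(ctx->ssl);
 
-if (ctx->middlebox_compat)
+if (ctx->middlebox_compat) {
+tls13_record_layer_allow_ccs(ctx->rl, 1);
 ctx->send_dummy_ccs = 1;
+}
 
 return 1;
 }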
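Review bot: The `if (ctx->middlebox_compat)` block in tls13_client_hello_sent() now decides whether a server CCS is accepted at all, but nothing at the call site records that this is deliberately stricter than the protocol text. RFC 8446 section 5 and appendix D.4 describe a peer dropping an unencrypted CCS seen during the handshake, so a client that did not request compatibility mode will presumably now fail the handshake where it used to ignore the record. A comment above the block would make the intent explicit, e.g. `/* Only permit CCS from the server if we requested middlebox compatibility mode. */`. A regress case with middlebox_compat off and a server that sends CCS would pin the new behaviour. The place where CCS is disallowed again lies outside this hunk, so it is worth confirming that path is unaffected when allow_ccs was never enabled.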