Only hash known CH extensions - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-04-22 18:27:53 +0000
committer	tb <>	2021-04-22 18:27:53 +0000
commit	e80166f7e03bb39682e2531b38a9a756170890e4 (patch)
tree	e2d5b95dda83b3ae232ba03b900ca0d12f56a9ad /src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
parent	495d50d5e2181dc8a32391623733cdaaf4e09f45 (diff)
download	openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.tar.gz openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.tar.bz2 openbsd-e80166f7e03bb39682e2531b38a9a756170890e4.zip

Only hash known CH extensions

RFC 4.1.2 specifies the ways in which the extensions in the first and the second ClientHello may differ. It basically says that extensions not known to a server must not change. This in turn makes it impossible to introduce new extensions that do change. It makes little sense to enforce that extensions we don't know and care about aren't modified, so make the hashing more lenient and restrict it to the extensions we do care about. Arguably, enforcing no change in an unknown extension is incompatible with the requirement that it be ignored. ok bcook jsing

Diffstat (limited to 'src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: