summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2020-05-11 17:49:46 +0000
committerjsing <>2020-05-11 17:49:46 +0000
commit6ab28470e9c3f4da140fc271adce655e78d3b4df (patch)
tree493b8c6a329a99e4cf225e642760a3217adc86ee /src
parentb7219fe30ee8ebb60e558faa30efe4806616d3a0 (diff)
downloadopenbsd-6ab28470e9c3f4da140fc271adce655e78d3b4df.tar.gz
openbsd-6ab28470e9c3f4da140fc271adce655e78d3b4df.tar.bz2
openbsd-6ab28470e9c3f4da140fc271adce655e78d3b4df.zip
Set the record layer legacy version from the TLSv1.3 server.
This will be used to handle record version checks. ok tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 1c286f573e..ec612df90e 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.45 2020/05/11 17:49:46 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -37,6 +37,8 @@ tls13_server_init(struct tls13_ctx *ctx)
37 if (!ssl_get_new_session(s, 0)) /* XXX */ 37 if (!ssl_get_new_session(s, 0)) /* XXX */
38 return 0; 38 return 0;
39 39
40 tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
41
40 if (!tls1_transcript_init(s)) 42 if (!tls1_transcript_init(s))
41 return 0; 43 return 0;
42 44
@@ -183,6 +185,8 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
183 if (s->method->internal->version < TLS1_3_VERSION) 185 if (s->method->internal->version < TLS1_3_VERSION)
184 return 1; 186 return 1;
185 187
188 tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
189
186 /* 190 /*
187 * If a matching key share was provided, we do not need to send a 191 * If a matching key share was provided, we do not need to send a
188 * HelloRetryRequest. 192 * HelloRetryRequest.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-21 18:50:36 +0000