3 files changed, 3 insertions, 34 deletions

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 1825bfbf6c..d3333a2e4a 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.58 2020/05/09 16:43:05 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.59 2020/05/09 20:38:19 tb Exp $ */
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -102,7 +102,6 @@ static const struct tls13_handshake_action state_machine[] = {
                 .sender = TLS13_HS_SERVER,
                 .send = tls13_server_hello_retry_request_send,
                 .recv = tls13_server_hello_retry_request_recv,
-                .sent = tls13_server_hello_retry_request_sent,
         },
         [SERVER_ENCRYPTED_EXTENSIONS] = {
                 .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
@@ -374,12 +373,6 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
         if (action->sent != NULL && !action->sent(ctx))
                 return TLS13_IO_FAILURE;
 
-        if (ctx->send_dummy_ccs) {
-                if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
-                        return ret;
-                ctx->send_dummy_ccs = 0;
-        }
-
         return TLS13_IO_SUCCESS;
 }
 
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index e3aaf634c3..050ad15df8 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.71 2020/05/09 16:43:05 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.72 2020/05/09 20:38:19 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -323,7 +323,6 @@ int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_hello_sent(struct tls13_ctx *ctx);
 int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs);
 int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx);
 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
 int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 5e2711d4d4..0b040fb51d 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.39 2020/05/09 16:43:05 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.40 2020/05/09 20:38:19 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -335,20 +335,6 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
 }
 
 int
-tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx)
-{
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if (ctx->hs->legacy_session_id_len > 0)
-                ctx->send_dummy_ccs = 1;
-
-        return 1;
-}
-
-int
 tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
         SSL *s = ctx->ssl;
@@ -382,15 +368,6 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 int
 tls13_server_hello_sent(struct tls13_ctx *ctx)
 {
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) &&
-            ctx->hs->legacy_session_id_len > 0)
-                ctx->send_dummy_ccs = 1;
-
         return tls13_server_engage_record_protection(ctx);
 }