From 99c3d9d6560601ac170c9657a01cf72bd69cfe63 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 9 May 2020 15:47:11 +0000 Subject: Send dummy ChangeCipherSpec messages from the TLSv1.3 client. When operating in middlebox compatibility mode, the TLSv1.3 client needs to send a dummy ChangeCipherSpec message immediately before its second flight of handshake messages (when early data is not offered). ok tb@ --- src/lib/libssl/tls13_handshake.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_handshake.c') diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d739dc99e5..05446380dd 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.56 2020/05/09 08:39:44 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -332,6 +332,12 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, ssize_t ret; CBB cbb; + if (ctx->send_dummy_ccs) { + if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS) + return ret; + ctx->send_dummy_ccs = 0; + } + /* If we have no handshake message, we need to build one. */ if (ctx->hs_msg == NULL) { if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) -- cgit v1.2.3-55-g6feb