From 88624381b593bd2db75613e1f49fca6f4df14ca6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 6 Apr 2020 16:28:38 +0000
Subject: Send a zero-length session identifier if TLSv1.3 is not enabled.
If the maximum version is less than TLSv1.3, send a zero-length session identifier (matching the behaviour of the legacy TLS stack), rather than a 32 byte random identifier. The 32 byte random identifier is only needed for "compatibility" mode in TLSv1.3.
ok beck@
---
 src/lib/libssl/tls13_client.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 078730111a..82fc50ed9e 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.46 2020/03/10 17:23:25 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.47 2020/04/06 16:28:38 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -177,9 +177,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
 goto err;
 /* Either 32-random bytes or zero length... */
- arc4random_buf(ctx->hs->legacy_session_id,
- sizeof(ctx->hs->legacy_session_id));
- ctx->hs->legacy_session_id_len = sizeof(ctx->hs->legacy_session_id);
+ if (ctx->hs->max_version >= TLS1_3_VERSION) {
+ arc4random_buf(ctx->hs->legacy_session_id,
+ sizeof(ctx->hs->legacy_session_id));
+ ctx->hs->legacy_session_id_len =
+ sizeof(ctx->hs->legacy_session_id);
+ }
 if (!CBB_add_u8_length_prefixed(cbb, &session_id))
 goto err;
--
cgit v1.2.3-55-g6feb
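Review bot: When `max_version` is below `TLS1_3_VERSION`, the new branch in the second hunk leaves `ctx->hs->legacy_session_id_len` untouched, so the zero-length identifier described in the commit message depends on that field already being zero from initialisation that is not visible here. Setting it explicitly, `} else { ctx->hs->legacy_session_id_len = 0; }`, would keep the ClientHello from carrying a stale length if the handshake state is ever reused. The comment `/* Either 32-random bytes or zero length... */` could also say which case applies, for example `/* 32 random bytes for TLSv1.3 compatibility mode, otherwise zero length. */`. If this builder can run again for a second ClientHello (not shown in the hunk), the identifier would be regenerated rather than repeated, which is worth confirming. `tls13_client_hello_build` starts and ends outside the hunk.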