diff options
| author | Matt Caswell <matt@openssl.org> | 2017-10-13 12:41:50 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-10-16 16:52:18 +0200 |
| commit | a2b97bdf3dbbd255ee24aa8a74cf88d4f7034898 (patch) | |
| tree | 0f9d0b6480413aceaa00c2789da69d137684fd33 /test/recipes/70-test_tls13kexmodes.t | |
| parent | Fix incorrect function name in BN_bn2bin manpage (diff) | |
| download | openssl-a2b97bdf3dbbd255ee24aa8a74cf88d4f7034898.tar.xz openssl-a2b97bdf3dbbd255ee24aa8a74cf88d4f7034898.zip | |
Don't do version neg on an HRR
Previously if a client received an HRR then we would do version negotiation
immediately - because we know we are going to get TLSv1.3. However this
causes a problem when we emit the 2nd ClientHello because we start changing
a whole load of stuff to ommit things that aren't relevant for < TLSv1.3.
The spec requires that the 2nd ClientHello is the same except for changes
required from the HRR. Therefore the simplest thing to do is to defer the
version negotiation until we receive the ServerHello.
Fixes #4292
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4527)
Diffstat (limited to 'test/recipes/70-test_tls13kexmodes.t')
| -rw-r--r-- | test/recipes/70-test_tls13kexmodes.t | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index fe7415ac56..3f3cfafa39 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -99,12 +99,20 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, |