Skip to content
  • Matt Caswell's avatar
    Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages · 37857e9b
    Matt Caswell authored
    
    
    The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
    SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
    exchange in TLSv1.3. Unfortunately experience has shown that this confuses
    some applications who mistake it for a TLSv1.2 renegotiation. This means
    that KeyUpdate messages are not handled properly.
    
    This commit removes the use of SSL_CB_HANDSHAKE_START and
    SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
    message exchange. Individual post-handshake messages are still signalled in
    the normal way.
    
    This is a potentially breaking change if there are any applications already
    written that expect to see these TLSv1.3 events. However, without it,
    KeyUpdate is not currently usable for many applications.
    
    Fixes #8069
    
    Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8096)
    
    (cherry picked from commit 4af5836b)
    37857e9b
To find the state of this project's repository at the time of any of these versions, check out the tags.