-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by:Bodo Moeller <bodo@openssl.org>
d663df23
To find the state of this project's repository at the time of any of these versions, check out the tags.