Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by:Matt Caswell <matt@openssl.org> (cherry picked from commit de2c7504) Conflicts: CHANGES
parent
b8712b2b
Please register or sign in to comment