Skip to content
Commit 2f2295a5 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix DTLS session ticket renewal



A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(cherry picked from commit ee4ffd6f)

Conflicts:
	ssl/d1_clnt.c
parent 8e0b56b9
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment