Skip to content
Commit 4c75f4e5 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Tighten session ticket handling



Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: default avatarBodo Moeller <bodo@openssl.org>
(cherry picked from commit d663df23)
parent 13803174
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment