Don't do version neg on an HRR
Previously if a client received an HRR then we would do version negotiation immediately - because we know we are going to get TLSv1.3. However this causes a problem when we emit the 2nd ClientHello because we start changing a whole load of stuff to ommit things that aren't relevant for < TLSv1.3. The spec requires that the 2nd ClientHello is the same except for changes required from the HRR. Therefore the simplest thing to do is to defer the version negotiation until we receive the ServerHello. Fixes #4292 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4527)
parent
aeb3e4ab
Please register or sign in to comment