Commit d2f42576 authored by Matt Caswell

Add a TODO(TLS1.3) about renegotiation



Renegotiation does not exist in TLS1.3, so we need to disable it at some
point.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent 17d01b42
+5 −0
@@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello)

    switch (server_version) {
    default:
        /*
         * TODO(TLS1.3): This check will fail if someone attempts to do
         * renegotiation in TLS1.3 at the moment. We need to ensure we disable
         * renegotiation for TLS1.3
         */
        if (version_cmp(s, client_version, s->version) < 0)
            return SSL_R_WRONG_SSL_VERSION;
        /*
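Review bot: the new TODO in the `default:` case says "This check will fail" without saying which outcome it means or why. As written, a reader has to infer that it refers to the `version_cmp(s, client_version, s->version) < 0` test directly below returning SSL_R_WRONG_SSL_VERSION. Please spell that out in the comment, including what `s->version` holds when a renegotiation ClientHello arrives, so the failure mode is clear to whoever picks this up. The comment also says "We need to ensure we disable renegotiation for TLS1.3" but not where. Naming the intended place for the rejection (for example, before version selection is reached at all) would make the TODO actionable, since an incidental version mismatch error is not a deliberate refusal of renegotiation. Minor: the last sentence of the comment is missing its full stop.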