WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit d2f42576 authored Nov 02, 2016 by Matt Caswell

Add a TODO(TLS1.3) about renegotation



Renegotiation does not exist in TLS1.3, so we need to disable it at some
point.

Reviewed-by: Rich Salz <rsalz@openssl.org>

parent 17d01b42

ssl/statem/statem_lib.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL s, CLIENTHELLO_MSG hello)

		switch (server_version) {
		default:
		/*
		* TODO(TLS1.3): This check will fail if someone attempts to do
		* renegotiation in TLS1.3 at the moment. We need to ensure we disable
		* renegotiation for TLS1.3
		*/
		if (version_cmp(s, client_version, s->version) < 0)
		return SSL_R_WRONG_SSL_VERSION;
		/*

Admin message