diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2020-05-13 17:53:16 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-05-13 17:53:16 +0000 |
| commit | 311178d4551fb6da7b2cf79e0d58e93b4005ee0f (patch) | |
| tree | 78f2c5da017f5d977e1ad8da55d7d3f4cb200004 /lib | |
| parent | 34235cb3f37d2895e1f25d7738017ef08e2e6517 (diff) | |
Switch back to the legacy stack where the maximum is less than TLSv1.3.
This allows a server configured to only support TLSv1.2 and earlier, to
correctly handle connections from a TLSv1.3 capable client.
Issue reported by pvk@
ok inoguchi@ tb@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/tls13_server.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index ec612df90e7..cd5f19afebf 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.45 2020/05/11 17:49:46 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.46 2020/05/13 17:53:15 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -115,7 +115,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_get_u8_length_prefixed(cbs, &compression_methods)) goto err; - if (tls13_client_hello_is_legacy(cbs)) { + if (tls13_client_hello_is_legacy(cbs) || s->version < TLS1_3_VERSION) { if (!CBS_skip(cbs, CBS_len(cbs))) goto err; return tls13_use_legacy_server(ctx); |