Do not send the empty renegotiation info SCSV in QUIC

There is no point in sending that when min_proto_version is >= TLS1_3_VERSION.
So we set that during SSL_CTX initialization and skip adding the SCSV.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
Tomas Mraz 2023-04-21 17:19:27 +02:00
parent 1009940c14
commit 1eef26bd89

@ -4027,7 +4027,9 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk,
{
int i;
size_t totlen = 0, len, maxlen, maxverok = 0;
int empty_reneg_info_scsv = !s->renegotiate;
int empty_reneg_info_scsv = !s->renegotiate
&& (SSL_CONNECTION_IS_DTLS(s)
|| s->min_proto_version < TLS1_3_VERSION);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Set disabled masks for this session */
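
Review bot: The new initializer of `empty_reneg_info_scsv` has no comment explaining its two extra conditions, and it is broader than the commit title suggests. The check is on `s->min_proto_version < TLS1_3_VERSION`, not on QUIC, so any non-DTLS connection whose minimum version is TLS 1.3 also stops sending the SCSV; that seems to be the intent, but it should be stated here. The `SSL_CONNECTION_IS_DTLS(s)` branch also needs a line of explanation, since DTLS version values do not order against `TLS1_3_VERSION` the way TLS ones do and a reader could take the branch for redundant. Suggest a short comment above the declaration covering both points.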