Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode

Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
2025-03-31 20:10:45 +08:00 · 2017-11-08 15:00:48 +00:00 · 2017-11-08 15:00:48 +00:00 · db37d32cb8
commit db37d32cb8
parent 066904ccee
2 changed files with 15 additions and 3 deletions
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@ -592,7 +592,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
    SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
    SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
    SSL_CONF_CMD_SWITCH("strict", 0),
-    SSL_CONF_CMD_SWITCH("no_middlebox", SSL_CONF_FLAG_CLIENT),
+    SSL_CONF_CMD_SWITCH("no_middlebox", 0),
    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
    SSL_CONF_CMD_STRING(Curves, "curves", 0),
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -403,6 +403,13 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
        return WRITE_TRAN_CONTINUE;

    case TLS_ST_SW_SRVR_HELLO:
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+            st->hand_state = TLS_ST_SW_CHANGE;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
        st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
        return WRITE_TRAN_CONTINUE;

@ -763,6 +770,12 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
                     sizeof(sctpauthkey), sctpauthkey);
        }
 #endif
+        if (!SSL_IS_TLS13(s)
+                || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+            break;
+        /* Fall through */
+
+    case TLS_ST_SW_CHANGE:
        /*
         * TODO(TLS1.3): This actually causes a problem. We don't yet know
         * whether the next record we are going to receive is an unencrypted
@ -783,10 +796,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
                /* SSLfatal() already called */
                return WORK_ERROR;
            }
+            break;
        }
-        break;

-    case TLS_ST_SW_CHANGE:
 #ifndef OPENSSL_NO_SCTP
        if (SSL_IS_DTLS(s) && !s->hit) {
            /*