mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
1c259bb518
openssl/ssl
History
Benjamin Kaduk 1c259bb518 Restore historical behavior for absent ServerHello extensions 
In OpenSSL 1.1.0, when there were no extensions added to the ServerHello,
we did not write the extension data length bytes to the end of the
ServerHello; this is needed for compatibility with old client implementations
that do not support TLS extensions (such as the default configuration of
OpenSSL 0.9.8).  When ServerHello extension construction was converted
to the new extensions framework in commit
7da160b0f4, this behavior was inadvertently
limited to cases when SSLv3 was negotiated (and similarly for ClientHellos),
presumably since extensions are not defined at all for SSLv3.  However,
extensions for TLS prior to TLS 1.3 have been defined in separate
RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such
should be considered an optional protocol feature in those cases.

Accordingly, be conservative in what we send, and skip the extensions block
when there are no extensions to be sent, regardless of the TLS/SSL version.
(TLS 1.3 requires extensions and can safely be treated differently.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4296)
2017-09-07 09:53:21 -05:00
..
record Various review fixes for PSK early_data support 2017-08-31 15:03:35 +01:00
statem Restore historical behavior for absent ServerHello extensions 2017-09-07 09:53:21 -05:00
bio_ssl.c
build.info
d1_lib.c add callback handler for setting DTLS timer interval 2017-09-06 08:30:00 +02:00
d1_msg.c (Re)move some things from e_os.h 2017-08-22 14:15:40 -04:00
d1_srtp.c
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet_locl.h
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_lib.c Implement Aria GCM/CCM Modes and TLS cipher suites 2017-08-30 12:33:53 +02:00
s3_msg.c (Re)move some things from e_os.h 2017-08-22 14:15:40 -04:00
ssl_asn1.c Send and receive the ticket_nonce field in a NewSessionTicket 2017-07-07 15:02:09 +01:00
ssl_cert_table.h Move certificate table to header file so it can be tested. 2017-07-13 12:38:42 +01:00
ssl_cert.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
ssl_ciph.c Add ARIA as an alias for all ARIA based modes. 2017-08-31 08:40:11 +10:00
ssl_conf.c e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
ssl_err.c Complain if we are writing early data but SNI or ALPN is incorrect 2017-08-31 15:03:34 +01:00
ssl_init.c Implement Aria GCM/CCM Modes and TLS cipher suites 2017-08-30 12:33:53 +02:00
ssl_lib.c Enable the ability to use an external PSK for sending early_data 2017-08-31 15:02:22 +01:00
ssl_locl.h add callback handler for setting DTLS timer interval 2017-09-06 08:30:00 +02:00
ssl_mcnf.c
ssl_rsa.c Use certificate tables instead of ssl_cert_type 2017-07-13 12:38:42 +01:00
ssl_sess.c Add functions for getting/setting SNI/ALPN info in SSL_SESSION 2017-08-31 15:03:34 +01:00
ssl_stat.c Fix errors in SSL_state_string_long 2017-07-31 08:55:37 -04:00
ssl_txt.c
ssl_utst.c
t1_enc.c Fix tls1_generate_master_secret 2017-06-22 11:54:19 -04:00
t1_lib.c e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
t1_trce.c Fix the names of older ciphers. 2017-07-31 09:11:18 -04:00
tls13_enc.c Make sure we use the correct cipher when using the early_secret 2017-08-31 15:02:58 +01:00
tls_srp.c Add a DRBG to each SSL object 2017-08-03 10:24:03 -04:00