Always enable GREASE for TLS 1.3 NewSessionTicket.
On the client we'll leave it off by default until the change has made it through Chrome's release process. For TLS 1.3, there is no existing breakage risk, so always do it. This saves us the trouble of having to manually turn it on in servers. See [0] for a data point of someone getting it wrong. [0] https://hg.mozilla.org/projects/nss/rev/9dbc21b1c3cc Change-Id: I74daad9e7efd2040e9d66d72d558b31f145e6c4c Reviewed-on: https://boringssl-review.googlesource.com/11680 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
afdbb62de2
commit
079b394c49
@ -2299,10 +2299,13 @@ func addBasicTests() {
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
// TLS 1.3 servers are expected to
|
||||
// always enable GREASE. TLS 1.3 is new,
|
||||
// so there is no existing ecosystem to
|
||||
// worry about.
|
||||
ExpectGREASE: true,
|
||||
},
|
||||
},
|
||||
flags: []string{"-enable-grease"},
|
||||
},
|
||||
}
|
||||
testCases = append(testCases, basicTests...)
|
||||
|
@ -574,13 +574,11 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl,
|
||||
}
|
||||
|
||||
/* Add a fake extension. See draft-davidben-tls-grease-01. */
|
||||
if (ssl->ctx->grease_enabled) {
|
||||
if (!CBB_add_u16(&extensions,
|
||||
ssl_get_grease_value(ssl, ssl_grease_ticket_extension)) ||
|
||||
!CBB_add_u16(&extensions, 0 /* empty */)) {
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (!ssl->method->finish_message(ssl, &cbb)) {
|
||||
goto err;
|
||||
|
Loading…
Reference in New Issue
Block a user