runner: Refuse to resume sessions on mismatching versions.

Clients all consistently reject mismatches. If a different version was
negotiated, a server should ignore the resumption. This doesn't actually affect
current tests.  We really want to be making this change in BoringSSL (and then
upstream), but get the Go half into shape first.

Change-Id: Ieee7e141331d9e08573592e661889bd756dccfa9
Reviewed-on: https://boringssl-review.googlesource.com/2243
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2014-11-10 02:37:15 -05:00 committed by Adam Langley
parent d0297db108
commit e18d821dfc


@ -327,13 +327,9 @@ func (hs *serverHandshakeState) checkForResumption() bool {
return false
}
if !c.config.Bugs.AllowSessionVersionMismatch {
if hs.sessionState.vers > hs.clientHello.vers {
return false
}
if vers, ok := c.config.mutualVersion(hs.sessionState.vers); !ok || vers != hs.sessionState.vers {
return false
}
// Never resume a session for a different SSL version.
if !c.config.Bugs.AllowSessionVersionMismatch && c.vers != hs.sessionState.vers {
return false
}
cipherSuiteOk := false
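Review bot: The new guard `c.vers != hs.sessionState.vers` is only as strict as the two removed checks if `c.vers` already holds the version negotiated for this handshake when checkForResumption runs, and nothing in the hunk shows where it is set. I would state that dependency in the comment, for example `// c.vers is the version negotiated for this handshake; a session saved under any other version, higher or lower, gets a full handshake.` The existing comment's "SSL version" could also read "protocol version", since the same comparison covers TLS sessions. checkForResumption starts and ends outside the hunk, so the ordering is presumably satisfied but should be confirmed against the caller.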