Enforce that EMS is not advertised in TLS 1.3.

The extension is not defined in TLS 1.3.

Change-Id: I5eb85f7142be7e11f1a9c0e4680e8ace9ac50feb
Reviewed-on: https://boringssl-review.googlesource.com/8771
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
David Benjamin 2016-07-13 21:02:08 -04:00
parent 6e6abe1f44
commit e907765021


@ -986,6 +986,10 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server
return errors.New("server advertised Channel ID over TLS 1.3")
}
if serverExtensions.extendedMasterSecret && c.vers >= VersionTLS13 && enableTLS13Handshake {
return errors.New("tls: server advertised extended master secret over TLS 1.3")
}
if serverExtensions.srtpProtectionProfile != 0 {
if serverExtensions.srtpMasterKeyIdentifier != "" {
return errors.New("tls: server selected SRTP MKI value")
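Review bot: The new extended-master-secret rejection only fires when `enableTLS13Handshake` is set, so with that flag off a connection at `VersionTLS13` still accepts a server that echoes the extension. The flag is defined outside this hunk and the gating may be deliberate, but the new `if` should say so in a comment, for example `// EMS is not defined for TLS 1.3, whose key schedule already covers the handshake transcript; reject a server that echoes it.` The guard `c.vers >= VersionTLS13 && enableTLS13Handshake` is now repeated for the Channel ID and EMS checks; hoisting it into one local such as `isTLS13 := c.vers >= VersionTLS13 && enableTLS13Handshake` would keep the two from drifting apart. processServerExtensions starts and ends outside the hunk, and no test exercising the new error path is visible in this view.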