kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
bdf5e72f50
boringssl/ssl
History
David Benjamin bdf5e72f50 Don't resume sessions if the negotiated version doesn't match. 
All of NSS, upstream OpenSSL, SChannel, and Secure Transport require, on the
client, that the ServerHello version match the session's version on resumption.
OpenSSL's current behavior is incompatible with all of these. Fall back to a
full handshake on the server instead of mismatch.

Add a comment on the client for why we are, as of
30ddb434bf, not currently enforcing the same in
the client.

Change-Id: I60aec972d81368c4ec30e2fd515dabd69401d175
Reviewed-on: https://boringssl-review.googlesource.com/2244
Reviewed-by: Adam Langley <agl@google.com>
2014-11-13 22:05:12 +00:00
..
pqueue Test insertion of duplicates in pqueue_test. 2014-11-06 01:46:57 +00:00
test Don't resume sessions if the negotiated version doesn't match. 2014-11-13 22:05:12 +00:00
CMakeLists.txt Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
d1_both.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_clnt.c Remove SSL3_FLAGS_POP_BUFFER. 2014-11-10 23:59:13 +00:00
d1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
d1_lib.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove #if 0'd code documenting an old bug. 2014-11-10 22:45:17 +00:00
d1_srtp.c Add less dangerous versions of SRTP functions. 2014-10-27 21:58:09 +00:00
d1_srvr.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
s3_both.c Remove remnant of MS SGC second ClientHello. 2014-11-04 00:25:13 +00:00
s3_cbc.c Add a few more constant-time utility functions. 2014-11-10 13:45:32 -08:00
s3_clnt.c Don't resume sessions if the negotiated version doesn't match. 2014-11-13 22:05:12 +00:00
s3_enc.c Extended master secret support. 2014-10-24 21:19:44 +00:00
s3_lib.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
s3_meth.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_pkt.c Don't be lenient if the client attempts unsafe renego. 2014-11-10 22:46:17 +00:00
s3_srvr.c Don't resume sessions if the negotiated version doesn't match. 2014-11-13 22:05:12 +00:00
s23_clnt.c Handle session resumption in SSLv23_client_method. 2014-09-25 22:04:20 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Remove indirection in loading ciphers. 2014-09-15 21:06:10 +00:00
ssl_asn1.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_cert.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_ciph.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_error.c Add SSL_SESSION_to_bytes to replace i2d_SSL_SESSION. 2014-10-28 19:02:59 +00:00
ssl_lib.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_locl.h Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_txt.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
t1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
t1_lib.c Extended master secret support. 2014-10-24 21:19:44 +00:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00