wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Tweak the check that a ciphersuite has not changed since the HRR

Browse source 
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
This commit is contained in:
Matt Caswell 2017-06-16 10:56:40 +01:00
parent 3b0e88d3bd
commit abeb2a639b
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ssl/statem/statem_srvr.c
View file

@ -1615,8 +1615,9 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
if (s->hello_retry_request && s->s3->tmp.new_cipher != NULL
&& s->s3->tmp.new_cipher->id != cipher->id) {
if (s->hello_retry_request
&& (s->s3->tmp.new_cipher == NULL
|| s->s3->tmp.new_cipher->id != cipher->id)) {
/*
* A previous HRR picked a different ciphersuite to the one we
* just selected. Something must have changed.