Disable requests for renegotiation in TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-11 16:29:38 +00:00 · 2017-01-11 16:29:38 +00:00 · cda6b99867
commit cda6b99867
parent c7f47786a5
1 changed files with 8 additions and 0 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1716,6 +1716,10 @@ int SSL_shutdown(SSL *s)

 int SSL_renegotiate(SSL *s)
 {
+    /* Do nothing in TLS1.3 */
+    if (SSL_IS_TLS13(s))
+        return 1;
+
    if (s->renegotiate == 0)
        s->renegotiate = 1;

@ -1726,6 +1730,10 @@ int SSL_renegotiate(SSL *s)

 int SSL_renegotiate_abbreviated(SSL *s)
 {
+    /* Do nothing in TLS1.3 */
+    if (SSL_IS_TLS13(s))
+        return 1;
+
    if (s->renegotiate == 0)
        s->renegotiate = 1;