wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 37857e9b52 Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages 
The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
exchange in TLSv1.3. Unfortunately experience has shown that this confuses
some applications who mistake it for a TLSv1.2 renegotiation. This means
that KeyUpdate messages are not handled properly.

This commit removes the use of SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
message exchange. Individual post-handshake messages are still signalled in
the normal way.

This is a potentially breaking change if there are any applications already
written that expect to see these TLSv1.3 events. However, without it,
KeyUpdate is not currently usable for many applications.

Fixes #8069

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8096)

(cherry picked from commit 4af5836b55)
2019-02-14 16:25:44 +00:00
..
record Revert "Keep the DTLS timer running after the end of the handshake if appropriate" 2019-01-24 13:44:29 +00:00
statem Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages 2019-02-14 16:25:44 +00:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Update copyright year 2018-11-20 13:27:36 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Update copyright year 2018-11-20 13:27:36 +00:00
s3_enc.c Eliminate unused buffers from ssl3_change_cipher_state 2019-01-03 14:21:35 +00:00
s3_lib.c Fix wrong return value in ssl3_ctx_ctrl 2018-11-22 01:05:43 +08:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Separate ca_names handling for client and server 2018-11-12 14:38:47 +00:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Add missing entries in ssl_mac_pkey_id 2019-01-15 11:50:35 +00:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Fix some TLSv1.3 alert issues 2018-07-31 09:31:50 +01:00
ssl_init.c More configurable crypto and ssl library initialization 2019-01-07 13:53:52 -05:00
ssl_lib.c Ignore cipher suites when setting cipher list 2019-02-14 14:00:59 +00:00
ssl_locl.h Fix some SSL_export_keying_material() issues 2018-12-05 10:59:08 +00:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c
t1_enc.c Remove unused variables from tls1_change_cipher_state 2019-01-03 14:21:35 +00:00
t1_lib.c Honour mandatory digest on private key in has_usable_cert() 2018-11-24 08:49:32 +02:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Don't get the mac type in TLSv1.3 2019-01-15 11:50:35 +00:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00