openssl/ssl
Matt Caswell 4e8548e80e Introduce the recv_max_early_data setting
Previoulsy we just had max_early_data which controlled both the value of
max early_data that we advertise in tickets *and* the amount of early_data
that we are willing to receive from clients. This doesn't work too well in
the case where we want to reduce a previously advertised max_early_data
value. In that case clients with old, stale tickets may attempt to send us
more early data than we are willing to receive. Instead of rejecting the
early data we abort the connection if that happens.

To avoid this we introduce a new "recv_max_early_data" value. The old
max_early_data becomes the value that is advertised in tickets while
recv_max_early_data is the maximum we will tolerate from clients.

Fixes #6647

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6655)
2018-07-06 09:26:39 +01:00
..
record Introduce the recv_max_early_data setting 2018-07-06 09:26:39 +01:00
statem Remove TLSv1.3 tickets from the client cache as we use them 2018-07-03 09:44:46 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Remove __cplusplus preamble from internal headers 2018-06-22 12:24:59 +02:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Update copyright year 2018-03-20 13:08:46 +00:00
s3_lib.c Fix no-psk 2018-05-14 17:43:19 +01:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Allow NULL for some _free routines. 2018-03-27 16:25:08 -04:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Fix configuration of TLSv1.3 ciphersuites 2018-04-04 16:17:26 +01:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Return a fatal error if application data is encountered during shutdown 2018-06-27 10:03:37 +01:00
ssl_init.c Add a config option to disable automatic config loading 2018-04-17 16:33:15 +02:00
ssl_lib.c Introduce the recv_max_early_data setting 2018-07-06 09:26:39 +01:00
ssl_locl.h Introduce the recv_max_early_data setting 2018-07-06 09:26:39 +01:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c Respect SSL_OP_NO_TICKET in TLSv1.3 2018-06-26 18:09:46 +01:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key() 2018-03-30 19:28:33 +01:00
t1_lib.c Check return from BN_set_word. 2018-06-29 13:21:06 +10:00
t1_trce.c Suport TLSv1.3 draft 28 2018-05-15 10:02:59 +01:00
tls13_enc.c Fix TLSv1.3 ticket nonces 2018-06-07 10:58:35 +01:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00