Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.
An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de2c7504eb)
Conflicts:
CHANGES
This commit is contained in:
Emilia Kasper
parent
b8712b2b9a
commit
15d717f574
16
CHANGES
16
CHANGES
@ -4,12 +4,16 @@
|
|||||||
|
|
||||||
Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
|
Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
|
||||||
|
|
||||||
*) Tighten client-side session ticket handling during renegotiation:
|
*) Tighten client-side session ticket handling during renegotiation:
|
||||||
ensure that the client only accepts a session ticket if the server sends
|
ensure that the client only accepts a session ticket if the server sends
|
||||||
the extension anew in the ServerHello. Previously, a TLS client would
|
the extension anew in the ServerHello. Previously, a TLS client would
|
||||||
reuse the old extension state and thus accept a session ticket if one was
|
reuse the old extension state and thus accept a session ticket if one was
|
||||||
announced in the initial ServerHello.
|
announced in the initial ServerHello.
|
||||||
[Emilia Käsper]
|
|
||||||
|
Similarly, ensure that the client requires a session ticket if one
|
||||||
|
was advertised in the ServerHello. Previously, a TLS client would
|
||||||
|
ignore a missing NewSessionTicket message.
|
||||||
|
[Emilia Käsper]
|
||||||
|
|
||||||
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
|
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
|
||||||
|
|
||||||
|
|||||||
@ -2160,24 +2160,13 @@ int ssl3_get_new_session_ticket(SSL *s)
|
|||||||
n=s->method->ssl_get_message(s,
|
n=s->method->ssl_get_message(s,
|
||||||
SSL3_ST_CR_SESSION_TICKET_A,
|
SSL3_ST_CR_SESSION_TICKET_A,
|
||||||
SSL3_ST_CR_SESSION_TICKET_B,
|
SSL3_ST_CR_SESSION_TICKET_B,
|
||||||
-1,
|
SSL3_MT_NEWSESSION_TICKET,
|
||||||
16384,
|
16384,
|
||||||
&ok);
|
&ok);
|
||||||
|
|
||||||
if (!ok)
|
if (!ok)
|
||||||
return((int)n);
|
return((int)n);
|
||||||
|
|
||||||
if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
|
|
||||||
{
|
|
||||||
s->s3->tmp.reuse_message=1;
|
|
||||||
return(1);
|
|
||||||
}
|
|
||||||
if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
|
|
||||||
{
|
|
||||||
al=SSL_AD_UNEXPECTED_MESSAGE;
|
|
||||||
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
|
|
||||||
goto f_err;
|
|
||||||
}
|
|
||||||
if (n < 6)
|
if (n < 6)
|
||||||
{
|
{
|
||||||
/* need at least ticket_lifetime_hint + ticket length */
|
/* need at least ticket_lifetime_hint + ticket length */
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user