diff options
| author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2023-10-12 13:55:32 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2024-04-23 11:57:05 +0100 |
| commit | a49ffb7c4c68478ae88e30cd2e6b2d5d11bf89cc (patch) | |
| tree | 84436019c99352feadbf25f5b217d82afc5d47b8 | |
| parent | c1440548fd6a42261d8d2eddcaa0610195b1a0d8 (diff) | |
Don't allow renegotiation for DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362)
| -rw-r--r-- | apps/include/s_apps.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 33c3b6278c..85eb6dcf36 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -16,7 +16,9 @@ #define PROTOCOL "tcp" #define SSL_VERSION_ALLOWS_RENEGOTIATION(s) \ - (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION)) + ((SSL_is_dtls(s) && (SSL_version(s) > DTLS1_3_VERSION \ + || SSL_version(s) == DTLS1_BAD_VER)) \ + || (!SSL_is_dtls(s) && SSL_version(s) < TLS1_3_VERSION)) typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); void get_sock_info_address(int asock, char **hostname, char **service); |