author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2023-10-12 13:55:32 +0200 |
---|---|---|
committer | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-04-15 13:10:56 +0200 |
commit | ce32f3a539dedbc3b8265679316aeed610b9f45b (patch) | |
tree | 93f6a49c75d389c9800fcdca3e89b2e0c494e31e | |
parent | cb57dc46324d0f8a29e48423a750e4c8419c5185 (diff) |
Don't allow renegotiation for DTLS 1.3feature/dtls-1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362)
-rw-r--r-- | apps/include/s_apps.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 33c3b6278c..85eb6dcf36 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -16,7 +16,9 @@
 #define PROTOCOL "tcp"
 #define SSL_VERSION_ALLOWS_RENEGOTIATION(s) \
- (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION))
+ ((SSL_is_dtls(s) && (SSL_version(s) > DTLS1_3_VERSION \
+ || SSL_version(s) == DTLS1_BAD_VER)) \
+ || (!SSL_is_dtls(s) && SSL_version(s) < TLS1_3_VERSION))
 typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
 void get_sock_info_address(int asock, char **hostname, char **service); |
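Review bot: The `SSL_version(s) > DTLS1_3_VERSION` test in the new macro body reads as "newer than DTLS 1.3" but selects the opposite, because DTLS version constants get numerically smaller as the protocol version gets newer; that same inversion is why `DTLS1_BAD_VER`, which sorts below every real DTLS version, needs its own clause. Since this macro decides whether the apps will attempt renegotiation at all, I would put a comment directly above it, for example `/* DTLS version values decrease with newer versions: '>' means older than DTLS 1.3; DTLS1_BAD_VER sorts lower and is listed explicitly. */`. The macro now expands `s` up to five times, so it is worth noting in the same comment that the argument must be free of side effects. This is an apps-side guard only; the hunk does not show whether the library rejects a renegotiation request on a DTLS 1.3 connection on its own, which is worth confirming in the same series.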