authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-01-23 15:11:03 +0100
committerTomas Mraz <tomas@openssl.org>2024-04-08 11:52:18 +0200
commitcb57dc46324d0f8a29e48423a750e4c8419c5185 (patch)
tree18b09aa6bf02c2f17e72c25ae72755e282f43e38
parent5dfc0e307b6edb37d0ba96cfeed5a0e38467f770 (diff)
Adds dtls 1.3 support in TLS::Proxy
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23375)
-rw-r--r--util/perl/TLSProxy/Record.pm16
-rw-r--r--util/perl/TLSProxy/ServerHello.pm3
2 files changed, 9 insertions, 10 deletions
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index c309bc2f9f..fdc53922e5 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -36,6 +36,7 @@ my %record_type = (
);
use constant {
+ VERS_DTLS_1_3 => 0xfefc,
VERS_DTLS_1_2 => 0xfefd,
VERS_DTLS_1 => 0xfeff,
VERS_TLS_1_4 => 0x0305,
@@ -48,6 +49,7 @@ use constant {
};
our %tls_version = (
+ VERS_DTLS_1_3, "DTLS1.3",
VERS_DTLS_1_2, "DTLS1.2",
VERS_DTLS_1, "DTLS1",
VERS_TLS_1_3, "TLS1.3",
@@ -391,21 +393,17 @@ sub reconstruct_record
if ($self->sslv2) {
$data = pack('n', $self->len | 0x8000);
} else {
+ my $content_type = (TLSProxy::Proxy->is_tls13() && $self->encrypted)
+ ? $self->outer_content_type : $self->content_type;
if($self->{isdtls}) {
my $seqhi = ($self->seq >> 32) & 0xffff;
my $seqmi = ($self->seq >> 16) & 0xffff;
my $seqlo = ($self->seq >> 0) & 0xffff;
- $data = pack('Cnnnnnn', $self->content_type, $self->version,
+ $data = pack('Cnnnnnn', $content_type, $self->version,
$self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
} else {
- if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
- $data = pack('Cnn', $self->outer_content_type, $self->version,
- $self->len);
- }
- else {
- $data = pack('Cnn', $self->content_type, $self->version,
- $self->len);
- }
+ $data = pack('Cnn', $content_type, $self->version,
+ $self->len);
}
}
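Review bot: In the `isdtls` branch an encrypted DTLS 1.3 record is still re-emitted with the 13-byte `pack('Cnnnnnn', ...)` header, only with `outer_content_type` in the first byte. RFC 9147 defines a separate unified header for DTLS 1.3 ciphertext records, so this header is only correct if the peers under test still use the legacy layout, which these lines do not show. If that is intentional for now, say so above the `pack` call, e.g. `# DTLS 1.3: encrypted records keep the legacy 13-byte header here; the RFC 9147 unified header is not handled yet`. The new `$content_type` ternary also depends on the class-level `TLSProxy::Proxy->is_tls13()` flag rather than on the record's own version, which deserves a one-line comment. `reconstruct_record` begins and ends outside this hunk.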
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index ca1486e041..5e2a4b428d 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
@@ -111,7 +111,8 @@ sub parse
if ($random eq $hrrrandom) {
TLSProxy::Proxy->is_tls13(1);
- } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
+ } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3
+ || $neg_version == TLSProxy::Record::VERS_DTLS_1_3) {
TLSProxy::Proxy->is_tls13(1);
TLSProxy::Record->server_encrypting(1);
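Review bot: The widened `elsif` accepts `VERS_DTLS_1_3` without any visible check that the proxy is actually running over DTLS, so a ServerHello on a TLS stream that negotiates 0xfefc would also switch the proxy into encrypted 1.3 mode. Whether `$neg_version` is validated against the transport earlier in `parse` cannot be seen from this hunk. `is_tls13` now also means "DTLS 1.3 negotiated", which its name hides. A comment above the branch would record this, e.g. `# is_tls13 is set for DTLS 1.3 as well; Record.pm keys encrypted-record handling off it for both`. `parse` starts before and continues after the lines shown.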