author | Matt Caswell <matt@openssl.org> | 2017-06-16 10:56:40 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-16 10:57:59 +0100 |
commit | abeb2a639b7030aeac08aab4fd9d6b52a3be8b04 (patch) | |
tree | e023deea5b500b852773a68ccf440052da6ea087 | |
parent | 3b0e88d3bd79d01c2da519e405849b78646aab8f (diff) |
Tweak the check that a ciphersuite has not changed since the HRR
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3623)
-rw-r--r-- | ssl/statem/statem_srvr.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 0f55d2652d..6f57816810 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1615,8 +1615,9 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
 al = SSL_AD_HANDSHAKE_FAILURE;
 goto err;
 }
- if (s->hello_retry_request && s->s3->tmp.new_cipher != NULL
- && s->s3->tmp.new_cipher->id != cipher->id) {
+ if (s->hello_retry_request
+ && (s->s3->tmp.new_cipher == NULL
+ || s->s3->tmp.new_cipher->id != cipher->id)) {
 /*
 * A previous HRR picked a different ciphersuite to the one we
 * just selected. Something must have changed. |
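Review bot: The comment inside the rewritten `if` in tls_early_post_process_client_hello still describes only the mismatch case, while the condition now also rejects the handshake when `s->s3->tmp.new_cipher` is NULL after a HelloRetryRequest. The old form skipped the comparison entirely in that state, so the new one fails closed, and the comment should say that this is intended. I would extend it to something like `* A previous HRR picked a different ciphersuite to the one we just selected, or no ciphersuite was recorded for it. Either way something must have changed.` Whether `new_cipher` can actually be NULL once `hello_retry_request` is set is not visible here. The body of the `if` and the rest of the function lie outside the hunk, so the alert sent for the NULL case could not be checked.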