diff options
author | Emilia Kasper <emilia@openssl.org> | 2014-11-19 16:40:27 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-11-20 15:17:36 +0100 |
commit | 9baee0216fe3bf572435a867963bdeea8ad95b59 (patch) | |
tree | 236bd540778f5bbc83eeeb439d8efcb3b8ac65b5 /CHANGES | |
parent | 5d23e1303c8e4f3c9371cb28366e51fda7a583a7 (diff) |
Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.
An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de2c7504ebd4ec15334ae151a31917753468f86f)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -48,6 +48,10 @@ the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. [Emilia Käsper] *) Accelerated NIST P-256 elliptic curve implementation for x86_64 @@ -377,6 +381,10 @@ the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] |