diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-09-22 15:20:26 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-03-03 13:53:26 +0100 |
commit | 062178678f5374b09f00d70796f6e692e8775aca (patch) | |
tree | ae299cf72a32514f7e5315af16977976f6083c86 /CHANGES | |
parent | d6c2587967f93f2f9c226bda9139ae427698f20f (diff) |
Refactor ClientHello extension parsing
1) Simplify code with better PACKET methods.
2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.
3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.
4) Send an alert on ALPN protocol mismatch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -4,6 +4,12 @@ Changes between 1.0.2g and 1.1.0 [xx XXX xxxx] + *) If the server has ALPN configured, but supports no protocols that the + client advertises, send a fatal "no_application_protocol" alert. + This behaviour is SHALL in RFC 7301, though it isn't universally + implemented by other servers. + [Emilia Käsper] + *) Add X25519 support. Integrate support for X25519 into EC library. This includes support for public and private key encoding using the format documented in |