author | Felipe Gasper <felipe@felipegasper.com> | 2021-10-28 10:13:47 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-11-02 16:30:10 +0100 |
commit | af5e63e1e3300f784f302a5d3309bf673cc08894 (patch) | |
tree | 80b29cb3085b48eb17744aa74d5247fa572b7677 /apps/include | |
parent | e81c81c9af8a5d22658110d2dc753582eb87a58e (diff) |
Revise s_client and s_server verbiage re secure renegotiation.
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have
these apps say it’s “not supported” when in fact the TLS version is
new enough not to need renegotiation at all.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16937)
Diffstat (limited to 'apps/include')
-rw-r--r-- | apps/include/s_apps.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index d610df40be..194ea746ed 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -15,6 +15,9 @@ #define PORT "4433" #define PROTOCOL "tcp" +#define SSL_VERSION_ALLOWS_RENEGOTIATION(s) \ + (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION)) + typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int report_server_accept(BIO *out, int asock, int with_address, int with_pid); int do_server(int *accept_sock, const char *host, const char *port, @@ -79,6 +82,7 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); +void ssl_print_secure_renegotiation_notes(BIO *bio, SSL *s); #ifndef OPENSSL_NO_SRP /* The client side SRP context that we pass to all SRP related callbacks */ |
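Review bot: SSL_VERSION_ALLOWS_RENEGOTIATION(s), added after the PROTOCOL define in the first hunk, has no comment explaining why SSL_is_dtls(s) short-circuits the version comparison, and it expands its argument twice. A short comment above the macro should state that the SSL_version(s) < TLS1_3_VERSION test is meant for TLS connections only and that every DTLS connection is treated as allowing renegotiation, so that the DTLS branch gets revisited if a DTLS version without renegotiation is ever handled here. Because s appears in both SSL_is_dtls(s) and SSL_version(s), callers must pass a plain SSL pointer with no side effects; a static inline function taking an SSL pointer would remove that constraint.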
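Review bot: the prototype ssl_print_secure_renegotiation_notes(BIO *bio, SSL *s), added after print_ca_names in the second hunk, is undocumented, and this view is limited to apps/include so the definition is not visible here. A one-line comment on the declaration should say what is written to bio in each case the commit message distinguishes: a connection where SSL_VERSION_ALLOWS_RENEGOTIATION(s) is true, and one where it is false and secure renegotiation does not apply. That keeps s_client and s_server callers from having to read the implementation to know whether to call it unconditionally.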