author | Matt Caswell <matt@openssl.org> | 2016-11-09 14:06:12 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-11-23 15:31:21 +0000 |
commit | 92760c21e62c6e5ef172fa110cf47a509cd50f2f (patch) | |
tree | a1aa35edbe72218b6897221e9427456199ef5e95 /include | |
parent | 0d9824c1712b6cacd9b0ecfba26fb66ae4badfb4 (diff) |
Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and a bit more like TLSv1.3.
After this commit we have:

    ClientHello
    + key_share          ---->
                               ServerHello
                               +key_share
                               {CertificateRequest*}
                               {Certificate*}
                               {CertificateStatus*}
                         <---- {Finished}
    {Certificate*}
    {CertificateVerify*}
    {Finished}           ---->
    [ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5064e65cf5..2fd0e9fb42 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2242,7 +2242,8 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_WRITE_EX 433 # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 -# define SSL_F_TLS13_CHANGE_CIPHER_STATE 435 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 # define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 # define SSL_F_TLS1_ENC 401 @@ -2336,6 +2337,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_BIO_NOT_SET 128 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 # define SSL_R_BN_LIB 130 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 # define SSL_R_CA_DN_LENGTH_MISMATCH 131 # define SSL_R_CA_KEY_TOO_SMALL 397 # define SSL_R_CA_MD_TOO_WEAK 398 |
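Review bot: In the first hunk (@@ -2242,7 +2242,8 @@), SSL_F_TLS13_CHANGE_CIPHER_STATE changes value from 435 to 440 in a public header, and the commit message gives no reason for vacating 435. Function codes are baked into packed error values, so any error table or caller built against the old value will report the wrong function name for this code. Please say in the commit message why the renumbering is needed (for example a collision with another SSL_F_ code), and confirm that the generated SSL error string table is regenerated in this same commit; this view is limited to 'include', so that cannot be checked from here. The new SSL_F_TLS13_SETUP_KEY_BLOCK 441 looks fine next to it.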
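Review bot: In the second hunk (@@ -2336,6 +2337,7 @@), SSL_R_CANNOT_CHANGE_CIPHER is given 109 while its alphabetical neighbours are 130 and 131, and the visible context does not show whether 109 is unused or was held by an earlier reason code. If 109 was ever assigned to a different SSL_R_ reason, logs and applications that match on the numeric reason would conflate the two, so please confirm it is free across the whole list. The commit message also does not say which state-machine path raises this reason; a sentence on when a cipher change is refused would help reviewers check that the new handshake flow fails closed at that point.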