Do not resume a session if the negotiated protocol version does not match

the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 9e189b9dc10786c755919e6792e923c584c918a1)
author: David Benjamin <davidben@chromium.org> 2014-11-20 16:22:40 +0100
committer: Emilia Kasper <emilia@openssl.org> 2014-11-20 16:31:42 +0100
commit: 7fc5f4f11782494d620a752ecfb0cb8867e80860 (patch)
tree: b87e1326c83fe2c62de94d2340d0cdb7a42f771f /ssl/s3_srvr.c
parent: 249a3e362fe406f8bc05cd3e69955a34a080b2b9 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e710898402..59ff271381 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1051,7 +1051,16 @@ int ssl3_get_client_hello(SSL *s)
 	else
 		{
 		i=ssl_get_prev_session(s, p, j, d + n);
-		if (i == 1)
+		/*
+		 * Only resume if the session's version matches the negotiated
+		 * version.
+		 * RFC 5246 does not provide much useful advice on resumption
+		 * with a different protocol version. It doesn't forbid it but
+		 * the sanity of such behaviour would be questionable.
+		 * In practice, clients do not accept a version mismatch and
+		 * will abort the handshake with an error.
+		 */
+		if (i == 1 && s->version == s->session->ssl_version)
 			{ /* previous session */
 			s->hit=1;
 			}
author	David Benjamin <davidben@chromium.org>	2014-11-20 16:22:40 +0100
committer	Emilia Kasper <emilia@openssl.org>	2014-11-20 16:31:42 +0100
commit	7fc5f4f11782494d620a752ecfb0cb8867e80860 (patch)
tree	b87e1326c83fe2c62de94d2340d0cdb7a42f771f /ssl/s3_srvr.c
parent	249a3e362fe406f8bc05cd3e69955a34a080b2b9 (diff)