diff options
author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-01-17 14:29:17 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:27:11 +0200 |
commit | 143483df9aff3ce4be4ba992a78e68ae07c687f2 (patch) | |
tree | fc2f5faa08210e19a84b92c3e829a733a850c12f /ssl/statem/statem_clnt.c | |
parent | c41bc1614932c188f8b20e26a082c0050739232f (diff) |
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Diffstat (limited to 'ssl/statem/statem_clnt.c')
-rw-r--r-- | ssl/statem/statem_clnt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 616cc86b12..7509b69f7d 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1258,8 +1258,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) /* Session ID */ session_id = s->session->session_id; - if (s->new_session || s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) { - if ((s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION) + if (s->new_session + || s->session->ssl_version == TLS1_3_VERSION + || s->session->ssl_version == DTLS1_3_VERSION) { + if (s->version == TLS1_3_VERSION && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { sess_id_len = sizeof(s->tmp_session_id); s->tmp_session_id_len = sess_id_len; |