mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the Old ClientHello detection with TLS 1.3 with new state

Browse Source 
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
This commit is contained in:
Sean Parkinson 2018-12-11 10:42:09 +10:00
parent a484749f4c
commit c628562ee7
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/tls13.c
View File

@ -8194,7 +8194,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
case TLS13_ACCEPT_FIRST_REPLY_DONE : case TLS13_ACCEPT_FIRST_REPLY_DONE :
if (ssl->options.serverState == if (ssl->options.serverState ==
SERVER_HELLO_RETRY_REQUEST_COMPLETE) { SERVER_HELLO_RETRY_REQUEST_COMPLETE) {
ssl->options.clientState = NULL_STATE; ssl->options.clientState = CLIENT_HELLO_RETRY;
while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
if ((ssl->error = ProcessReply(ssl)) < 0) { if ((ssl->error = ProcessReply(ssl)) < 0) {
WOLFSSL_ERROR(ssl->error); WOLFSSL_ERROR(ssl->error);

1
wolfssl/internal.h
View File

@ -1508,6 +1508,7 @@ enum states {
SERVER_CHANGECIPHERSPEC_COMPLETE, SERVER_CHANGECIPHERSPEC_COMPLETE,
SERVER_FINISHED_COMPLETE, SERVER_FINISHED_COMPLETE,
CLIENT_HELLO_RETRY,
CLIENT_HELLO_COMPLETE, CLIENT_HELLO_COMPLETE,
CLIENT_KEYEXCHANGE_COMPLETE, CLIENT_KEYEXCHANGE_COMPLETE,
CLIENT_CHANGECIPHERSPEC_COMPLETE, CLIENT_CHANGECIPHERSPEC_COMPLETE,