All,

Running into an issue with OpenSSL 1.0.1h and EAP-FAST/wpa_supplicant TLS session resumption.

The CVE-2014-0224 fix added code to reject the ChangeCipherSpec message if it is received in the wrong order. Normally the TLS client sends the Finished message before the ChangeCipherSpec message is received from the server. The 1.0.1h code now appears to set a flag, SSL3_FLAGS_CCS_OK, when Finished is sent by the client, and checks this flag when the ChangeCipherSpec message is received, rejecting the CCS packet if the flag isn't set.

Unfortunately, for TLS session resumption the server sends the ChangeCipherSpec *before* the client sends the Finished message (see figure 2 of RFC4507 -- http://tools.ietf.org/html/rfc4507). This results in the ChangeCipherSpec packet being rejected for EAP-FAST session resumption because SSL3_FLAGS_CCS_OK isn't set.

Any guidance would be appreciated.

Thanks,
Doug

Note: EAP-FAST uses the SSL_set_session_ticket_ext...() functions to set the session ticket that is used for TLS session resumption.
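The message ordering in the post, as an added illustration that is not part of the original mail and not OpenSSL code: a toy client state machine walks three constructed handshake sequences (the full handshake, the abbreviated session-ticket handshake of RFC 4507 figure 2, and a premature CCS injected right after a non-resuming ServerHello) under two policies for when the "a CCS is acceptable now" flag is raised. The flag name `ccs_ok` stands in for SSL3_FLAGS_CCS_OK; the policy that also raises it when the ServerHello resumes a session is an assumption made for the example, not a statement about how any OpenSSL release fixed the problem.

```c
/* Toy model of the client-side ChangeCipherSpec ordering check described in
 * the post above. Added example; it is not OpenSSL code and only mirrors the
 * behaviour the post describes. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum msg {
    CLIENT_HELLO, SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE,
    CLIENT_KEY_EXCHANGE, NEW_SESSION_TICKET, CHANGE_CIPHER_SPEC, FINISHED
};

struct step {
    bool from_server;  /* true: message received from the server */
    enum msg msg;
    bool resumed;      /* ServerHello only: server accepted our session/ticket */
};

/* Constructed sequences, seen from the client. Full handshake (RFC 5246):
 * the client sends Finished before the server's CCS arrives. */
static const struct step full_handshake[] = {
    {false, CLIENT_HELLO, false},
    {true,  SERVER_HELLO, false},
    {true,  CERTIFICATE, false},
    {true,  SERVER_HELLO_DONE, false},
    {false, CLIENT_KEY_EXCHANGE, false},
    {false, CHANGE_CIPHER_SPEC, false},
    {false, FINISHED, false},
    {true,  CHANGE_CIPHER_SPEC, false},   /* arrives after our Finished */
    {true,  FINISHED, false},
};

/* Abbreviated handshake with a session ticket (RFC 4507, figure 2):
 * the server's CCS/Finished come before the client's. */
static const struct step resumed_handshake[] = {
    {false, CLIENT_HELLO, false},
    {true,  SERVER_HELLO, true},
    {true,  NEW_SESSION_TICKET, false},
    {true,  CHANGE_CIPHER_SPEC, false},   /* before we have sent Finished */
    {true,  FINISHED, false},
    {false, CHANGE_CIPHER_SPEC, false},
    {false, FINISHED, false},
};

/* Hypothetical injection: a CCS straight after a non-resuming ServerHello,
 * the premature CCS that the CVE-2014-0224 check is meant to reject. */
static const struct step early_ccs[] = {
    {false, CLIENT_HELLO, false},
    {true,  SERVER_HELLO, false},
    {true,  CHANGE_CIPHER_SPEC, false},
    {true,  FINISHED, false},
};

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Walk a sequence as the client. ok_on_resumed_hello selects whether ccs_ok
 * is also raised when the ServerHello resumes a session (assumed policy), or
 * only when we send Finished (the 1.0.1h behaviour the post describes).
 * Returns -1 when every message is accepted, otherwise the index of the
 * rejected ChangeCipherSpec. */
static int run_client(const struct step *seq, size_t n, bool ok_on_resumed_hello)
{
    bool ccs_ok = false;  /* stands in for SSL3_FLAGS_CCS_OK */

    for (size_t i = 0; i < n; i++) {
        const struct step *s = &seq[i];
        if (!s->from_server) {
            if (s->msg == FINISHED)
                ccs_ok = true;          /* the server's CCS may now follow */
            continue;
        }
        switch (s->msg) {
        case SERVER_HELLO:
            if (s->resumed && ok_on_resumed_hello)
                ccs_ok = true;          /* abbreviated handshake: CCS comes next */
            break;
        case CHANGE_CIPHER_SPEC:
            if (!ccs_ok)
                return (int)i;          /* out-of-order CCS: reject */
            ccs_ok = false;             /* each raise permits exactly one CCS */
            break;
        default:
            break;
        }
    }
    return -1;
}

int main(void)
{
    const bool policies[] = {false, true};
    for (size_t p = 0; p < 2; p++) {
        printf("ccs_ok raised on resuming ServerHello: %s\n", policies[p] ? "yes" : "no");
        printf("  full handshake    -> %d\n", run_client(full_handshake, ARRAY_LEN(full_handshake), policies[p]));
        printf("  resumed handshake -> %d\n", run_client(resumed_handshake, ARRAY_LEN(resumed_handshake), policies[p]));
        printf("  early CCS         -> %d\n", run_client(early_ccs, ARRAY_LEN(early_ccs), policies[p]));
    }
    return 0;
}
```

A result of -1 means the handshake completed; any other value is the index of the rejected CCS. Under the first policy only the resumed handshake fails, at the server's CCS (index 3), which is the symptom the post describes; under the second policy the resumed handshake completes while the injected early CCS is still rejected (index 2) in both cases, because the flag is tied to the state the client has actually reached rather than to receipt of a CCS.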
