CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2020/05/10 11:13:30
Modified files:
lib/libssl : tls13_handshake.c tls13_internal.h
tls13_server.c
Log message:
Send dummy ChangeCipherSpec messages from the TLSv1.3 server
If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.
Two important improvements over the backed-out diffr: make sure that
First: client and server can send their dummy CCS at the correct moment
(right before the next flight or right after the current flight).
Second: as jsing noted, we also need to deal with the corner case that
tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT.
with/ok jsing
