artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f00a771) | patch
Provide a way to determine our maximum legacy version.
authorjsing <jsing@openbsd.org>
Sat, 23 Oct 2021 14:40:54 +0000 (14:40 +0000)
committerjsing <jsing@openbsd.org>
Sat, 23 Oct 2021 14:40:54 +0000 (14:40 +0000)
commit01f29c5863db264d49df9ef75eb14989e256c631
tree5822df216849a0ac9162ed5b3cebfc1b7b5b2dfftree | snapshot
parentf00a771dbcc15665581d0f8e438180ee3367ff74commit | diff
Provide a way to determine our maximum legacy version.

With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.

This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).

ok tb@
lib/libssl/ssl_clnt.c diff | blob | history
lib/libssl/ssl_locl.h diff | blob | history
lib/libssl/ssl_srvr.c diff | blob | history
lib/libssl/ssl_versions.c diff | blob | history
lib/libssl/tls13_client.c diff | blob | history
lib/libssl/tls13_legacy.c diff | blob | history
lib/libssl/tls13_server.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim