artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6f6f3cb) | patch
Ignore the record version for early alerts
authortb <tb@openbsd.org>
Tue, 8 Jun 2021 18:05:47 +0000 (18:05 +0000)
committertb <tb@openbsd.org>
Tue, 8 Jun 2021 18:05:47 +0000 (18:05 +0000)
commit57350ff906c2194c4a8ea6cae315ff5ba63a4a3f
tree64f58fa4977de8df12b332c6cad9a002d367a2aftree | snapshot
parent6f6f3cb98ab1750835c247386b5e8f8015a29b5ecommit | diff
Ignore the record version for early alerts

On receiving the first flight from the peer, we do not yet know if
we are using TLSv1.3. In particular, we might get an alert record
with record version 0x0300 from a pre-TLSv1.2 peer in response to
our client hello. Ignore the record version instead of sending a
protocol version alert in that situtation. This may also be hit
when talking to a LibreSSL 3.3 server with an illegal SNI.

Part of an issue reported by danj.

ok jsing
lib/libssl/tls13_record_layer.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim