feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix to not assume TLS v1.3 based on extended key share extension.

Browse Source
This commit is contained in:
David Garske
2020-09-21 17:53:13 -07:00
parent bc960a9c25
commit 7cfbc598ed
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/sniffer.c
View File

@ -2778,6 +2778,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
session->sslServer->version.minor = input[1];
session->sslClient->version.major = input[0];
session->sslClient->version.minor = input[1];
if (IsAtLeastTLSv1_3(session->sslServer->version)) {
/* The server side handshake encryption is on for future packets */
session->flags.serverCipherOn = 1;
}
break;
case EXT_MASTER_SECRET:
#ifdef HAVE_EXTENDED_MASTER
@ -3131,9 +3135,6 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
break;
}
XMEMCPY(session->cliKeyShare, &input[2], ksLen);
/* The server side handshake encryption is on for future packets */
session->flags.serverCipherOn = 1;
break;
}
#ifdef HAVE_SESSION_TICKET