forked from wolfSSL/wolfssl
Fix to not assume TLS v1.3 based on extended key share extension.
This commit is contained in:
David Garske
@@ -2778,6 +2778,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
|
|||||||
session->sslServer->version.minor = input[1];
|
session->sslServer->version.minor = input[1];
|
||||||
session->sslClient->version.major = input[0];
|
session->sslClient->version.major = input[0];
|
||||||
session->sslClient->version.minor = input[1];
|
session->sslClient->version.minor = input[1];
|
||||||
|
if (IsAtLeastTLSv1_3(session->sslServer->version)) {
|
||||||
|
/* The server side handshake encryption is on for future packets */
|
||||||
|
session->flags.serverCipherOn = 1;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case EXT_MASTER_SECRET:
|
case EXT_MASTER_SECRET:
|
||||||
#ifdef HAVE_EXTENDED_MASTER
|
#ifdef HAVE_EXTENDED_MASTER
|
||||||
@@ -3131,9 +3135,6 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
XMEMCPY(session->cliKeyShare, &input[2], ksLen);
|
XMEMCPY(session->cliKeyShare, &input[2], ksLen);
|
||||||
|
|
||||||
/* The server side handshake encryption is on for future packets */
|
|
||||||
session->flags.serverCipherOn = 1;
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
|||||||
Reference in New Issue
Block a user