Merge pull request #1971 from SparkiDev/tls13_old_hello

Don't expect old ClientHello when version is TLS 1.3
2025-07-30 02:37:28 +02:00 · 2018-12-18 15:38:44 -08:00
parent f1c62f191d c628562ee7
commit 4a170c0399
2 changed files with 2 additions and 1 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -8194,7 +8194,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
        case TLS13_ACCEPT_FIRST_REPLY_DONE :
            if (ssl->options.serverState ==
                                          SERVER_HELLO_RETRY_REQUEST_COMPLETE) {
-                ssl->options.clientState = NULL_STATE;
+                ssl->options.clientState = CLIENT_HELLO_RETRY;
                while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
                    if ((ssl->error = ProcessReply(ssl)) < 0) {
                        WOLFSSL_ERROR(ssl->error);
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1508,6 +1508,7 @@ enum states {
 	SERVER_CHANGECIPHERSPEC_COMPLETE,
    SERVER_FINISHED_COMPLETE,

+    CLIENT_HELLO_RETRY,
    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
 	CLIENT_CHANGECIPHERSPEC_COMPLETE,