mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 15:50:50 +02:00
2df4936092
DoTls13ClientHello enforces RFC 8446 Section 4.1.4 by comparing the cipher suite in the second ClientHello to the hrrCipherSuite cached on the server from the HelloRetryRequest. No existing test covers the mismatch branch, so a deletion of the check would silently allow a client to switch cipher suite between CH1 and CH2. Drive a partial handshake until the server has emitted the HRR, then flip the cached hrrCipherSuite on the server; processing CH2 must surface INVALID_PARAMETER.
Before creating any new configure files (.conf) read the CONF_FILES_README.md