authorMatt Caswell <matt@openssl.org>2016-11-02 11:33:20 +0000
committerMatt Caswell <matt@openssl.org>2016-11-09 16:03:09 +0000
commitd2f42576c46ce84662134a68ccbf76bd1cf639ba (patch)
treee20aa8002e7d99230378940f16df3110b33f3589
parent17d01b420151d05edd347b584fa1942f5b914fc5 (diff)
Add a TODO(TLS1.3) about renegotation
Renegotiation does not exist in TLS1.3, so we need to disable it at some point.

Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r--ssl/statem/statem_lib.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 117462a..6c51699 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello)
switch (server_version) {
default:
+ /*
+ * TODO(TLS1.3): This check will fail if someone attempts to do
+ * renegotiation in TLS1.3 at the moment. We need to ensure we disable
+ * renegotiation for TLS1.3
+ */
if (version_cmp(s, client_version, s->version) < 0)
return SSL_R_WRONG_SSL_VERSION;
/*