From de2c7504ebd4ec15334ae151a31917753468f86f Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 19 Nov 2014 16:40:27 +0100 Subject: Always require an advertised NewSessionTicket message. The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: Matt Caswell --- CHANGES | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index d90febc..0d9bd50 100644 --- a/CHANGES +++ b/CHANGES @@ -310,6 +310,10 @@ the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. [Emilia Käsper] *) Accelerated NIST P-256 elliptic curve implementation for x86_64 @@ -639,6 +643,10 @@ the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] -- cgit v1.1
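Review bot: the paragraph added in both hunks (at @@ -310 and @@ -639) says the client now "requires a session ticket" but never says what happens when the NewSessionTicket message is missing. The commit message describes the new behaviour as an alert in the client; the CHANGES text should say so too, for example by adding that the handshake now fails with an alert. Someone who sees new handshake failures against a server that advertises a ticket in the ServerHello and then never sends one could then trace them to this entry. The wording "requires a session ticket" can also be read as making tickets mandatory in general; "requires the NewSessionTicket message" would match the second sentence and the commit subject. Since the same text lands in two places in the file, any rewording needs to be applied to both copies.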