rocket-tools/riscv-gnu-toolchain/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	David Benjamin <davidben@chromium.org>	2014-11-11 00:52:15 -0500
committer	Adam Langley <agl@google.com>	2014-11-13 22:05:12 +0000
commit	bdf5e72f50e25f0e45e825c156168766d8442dde (patch)
tree	316fb2d3877a529618767d8a415fe990c8a7a8e8 /include
parent	2f3ba910a2bdb9e7d19e712a827cdc80c8d8c777 (diff)
download	boringssl-bdf5e72f50e25f0e45e825c156168766d8442dde.zip boringssl-bdf5e72f50e25f0e45e825c156168766d8442dde.tar.gz boringssl-bdf5e72f50e25f0e45e825c156168766d8442dde.tar.bz2

Don't resume sessions if the negotiated version doesn't match.

All of NSS, upstream OpenSSL, SChannel, and Secure Transport require, on the client, that the ServerHello version match the session's version on resumption. OpenSSL's current behavior is incompatible with all of these. Fall back to a full handshake on the server instead of mismatch. Add a comment on the client for why we are, as of 30ddb434bfb845356fbacb6b2bd51f8814c7043c, not currently enforcing the same in the client. Change-Id: I60aec972d81368c4ec30e2fd515dabd69401d175 Reviewed-on: https://boringssl-review.googlesource.com/2244 Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: