We prevent compression both when the server is parsing the ClientHello
and when the client is constructing the ClientHello. A 1.3 ServerHello
has no way to hand us back a compression method, and we already check
that the server does not try to give us back a compression method that
we did not request, so these checks seem sufficient.
Weaken the INSTALL note slightly, as we do now expect to interoperate
with other implementations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3131)
enable-tls1_3
TODO(TLS1.3): Make this enabled by default
Build support for TLS1.3. Note: This is a WIP feature and
- does not currently interoperate with other TLS1.3
- implementations! Use with caution!!
+ only a single draft version is supported. Implementations
+ of different draft versions will negotiate TLS 1.2 instead
+ of (draft) TLS 1.3. Use with caution!!
no-<prot>
Don't build support for negotiating the specified SSL/TLS
/* first we compress */
if (s->compress != NULL) {
- /*
- * TODO(TLS1.3): Make sure we prevent compression!!!
- */
if (!ssl3_do_compress(s, thiswr)
|| !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
projects / openssl.git / commitdiff