if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
|| s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
+ else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ && !s->hello_retry_request)
+ st->hand_state = TLS_ST_CW_CHANGE;
else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
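Review bot: The new `else if` that selects `TLS_ST_CW_CHANGE` is reached only when neither early-data state matches and `!s->hello_retry_request` holds, and the hunk gives no reason for either exclusion. From the visible lines, the early-data path goes to `TLS_ST_PENDING_EARLY_DATA_END` and never schedules the compatibility CCS here, so a reader cannot tell whether it is sent elsewhere on those paths or omitted. I would add a comment above the branch stating where the CCS goes out in the early-data and HRR flows, e.g. `/* Compat CCS is sent here only for the plain handshake; early data and HRR send it at <other state> */`, with the placeholder filled in. The enclosing case label and function start outside this hunk.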
/* Fall through */
case TLS_ST_CW_END_OF_EARLY_DATA:
+ case TLS_ST_CW_CHANGE:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
break;
case TLS_ST_CW_CHANGE:
+ if (SSL_IS_TLS13(s))
+ break;
s->session->cipher = s->s3->tmp.new_cipher;
#ifdef OPENSSL_NO_COMP
s->session->compress_meth = 0;
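Review bot: The early `break` added under `case TLS_ST_CW_CHANGE:` has no comment, yet it is what keeps a TLSv1.3 ChangeCipherSpec from running the `s->session->cipher` and compression assignments that follow. That CCS appears to be a compatibility dummy that must not touch session or key state, so I would say so in place, e.g. `/* TLSv1.3: CCS is a middlebox-compat dummy, leave cipher state untouched */`. The rest of the case body is outside the hunk, so confirm that nothing after the visible lines is still required on the TLSv1.3 path.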
substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
);
- if (($server && $server_encrypting)
- || (!$server && $client_encrypting)) {
- if (!TLSProxy::Proxy->is_tls13() && $etm) {
- $record->decryptETM();
- } else {
- $record->decrypt();
+ if (!TLSProxy::Proxy->is_tls13() || $content_type != RT_CCS) {
+ if (($server && $server_encrypting)
+ || (!$server && $client_encrypting)) {
+ if (!TLSProxy::Proxy->is_tls13() && $etm) {
+ $record->decryptETM();
+ } else {
+ $record->decrypt();
+ }
+ $record->encrypted(1);
}
- $record->encrypted(1);
- }
- if (TLSProxy::Proxy->is_tls13()) {
- print " Inner content type: "
- .$record_type{$record->content_type()}."\n";
+ if (TLSProxy::Proxy->is_tls13()) {
+ print " Inner content type: "
+ .$record_type{$record->content_type()}."\n";
+ }
}
push @record_list, $record;
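Review bot: The new outer guard `if (!TLSProxy::Proxy->is_tls13() || $content_type != RT_CCS)` makes every record whose outer type is CCS skip decryption and the `encrypted(1)` mark once TLSv1.3 is in use, and nothing in the hunk says why. A comment above it such as `# TLSv1.3 middlebox-compat CCS records are plaintext: do not decrypt or mark them encrypted` would make the intent explicit for anyone writing tests against the record list. `is_tls13()` is also called three times in this block, so caching it in a lexical (`my $tls13 = TLSProxy::Proxy->is_tls13();`) would read more easily. `$content_type` is assigned outside the hunk, and the enclosing sub starts and ends outside it as well.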