Add a TODO(TLS1.3) about renegotation

author Matt Caswell <matt@openssl.org>

Wed, 2 Nov 2016 11:33:20 +0000 (11:33 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 9 Nov 2016 16:03:09 +0000 (16:03 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 2 Nov 2016 11:33:20 +0000 (11:33 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 9 Nov 2016 16:03:09 +0000 (16:03 +0000)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index 117462a81eea27722bf12e257ae6fbe78268de52..6c51699d3300de1af062316f9ba1b16a9abaa433 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello)
  
      switch (server_version) {
      default:
+        /*
+         * TODO(TLS1.3): This check will fail if someone attempts to do
+         * renegotiation in TLS1.3 at the moment. We need to ensure we disable
+         * renegotiation for TLS1.3
+         */
          if (version_cmp(s, client_version, s->version) < 0)
              return SSL_R_WRONG_SSL_VERSION;
          /*
author	Matt Caswell <matt@openssl.org>
	Wed, 2 Nov 2016 11:33:20 +0000 (11:33 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 9 Nov 2016 16:03:09 +0000 (16:03 +0000)