cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+ OPENSSL_free(key);
return 0;
}
OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
- OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA,
+ OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
+ OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
#endif
{"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
{"max_early_data", OPT_MAX_EARLY, 'n',
- "The maximum number of bytes of early data"},
+ "The maximum number of bytes of early data as advertised in tickets"},
+ {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+ "The maximum number of bytes of early data (hard limit)"},
{"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
+ {"num_tickets", OPT_S_NUM_TICKETS, 'n',
+ "The number of TLSv1.3 session tickets that a server will automatically issue" },
+ {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"},
+ {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"},
{NULL, OPT_EOF, 0, NULL}
};
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
+#ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL;
+#endif
int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int s_server_verify = SSL_VERIFY_NONE;
int s_server_session_id_context = 1; /* anything will do */
unsigned int split_send_fragment = 0, max_pipelines = 0;
const char *s_serverinfo_file = NULL;
const char *keylog_file = NULL;
- int max_early_data = -1;
+ int max_early_data = -1, recv_max_early_data = -1;
char *psksessf = NULL;
/* Init of few remaining global variables */
goto opthelp;
break;
case OPT_S_CASES:
+ case OPT_S_NUM_TICKETS:
+ case OPT_ANTI_REPLAY:
+ case OPT_NO_ANTI_REPLAY:
if (ssl_args == NULL)
ssl_args = sk_OPENSSL_STRING_new_null();
if (ssl_args == NULL
alpn_in = opt_arg();
break;
case OPT_SRTP_PROFILES:
+#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
+#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();
goto end;
}
break;
+ case OPT_RECV_MAX_EARLY:
+ recv_max_early_data = atoi(opt_arg());
+ if (recv_max_early_data < 0) {
+ BIO_printf(bio_err, "Invalid value for recv_max_early_data\n");
+ goto end;
+ }
+ break;
case OPT_EARLY_DATA:
early_data = 1;
if (max_early_data == -1)
ERR_print_errors(bio_err);
goto end;
}
+
+ SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
if (max_early_data >= 0)
SSL_CTX_set_max_early_data(ctx, max_early_data);
+ if (recv_max_early_data >= 0)
+ SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data);
if (rev)
server_cb = rev_body;
if ((i < 0) || (!i && !read_from_terminal))
continue;
#else
- if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
+ if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
- if ((SSL_version(con) == DTLS1_VERSION)
- && DTLSv1_handle_timeout(con) > 0) {
+ if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
BIO_printf(bio_err, "TIMEOUT occurred\n");
- }
if (i <= 0)
continue;