dtls1_start_timer(s);
}
} else {
- /*
- * In TLSv1.3 we update the cache as part of processing the
- * NewSessionTicket
- */
- if (!SSL_IS_TLS13(s))
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We encourage applications to only use TLSv1.3 tickets once,
+ * so we remove this one from the cache.
+ */
+ if ((s->session_ctx->session_cache_mode
+ & SSL_SESS_CACHE_CLIENT) != 0)
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ } else {
+ /*
+ * In TLSv1.3 we update the cache as part of processing the
+ * NewSessionTicket
+ */
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+ }
if (s->hit)
CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
s->session_ctx->lock);
*
* Returns 1 when supported, otherwise 0
*/
-int ssl_version_supported(const SSL *s, int version)
+int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
{
const version_info *vent;
const version_info *table;
if (vent->cmeth != NULL &&
version_cmp(s, version, vent->version) == 0 &&
ssl_method_error(s, vent->cmeth()) == 0) {
+ if (meth != NULL)
+ *meth = vent->cmeth();
return 1;
}
}
static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
{
if (vers == TLS1_2_VERSION
- && ssl_version_supported(s, TLS1_3_VERSION)) {
+ && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
*dgrd = DOWNGRADE_TO_1_2;
} else if (!SSL_IS_DTLS(s) && vers < TLS1_2_VERSION
- && (ssl_version_supported(s, TLS1_2_VERSION)
- || ssl_version_supported(s, TLS1_3_VERSION))) {
+ && (ssl_version_supported(s, TLS1_2_VERSION, NULL)
+ || ssl_version_supported(s, TLS1_3_VERSION, NULL))) {
*dgrd = DOWNGRADE_TO_1_1;
} else {
*dgrd = DOWNGRADE_NONE;
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
/* TODO(TLS1.3): Remove this before release */
- if (candidate_vers == TLS1_3_VERSION_DRAFT)
+ if (candidate_vers == TLS1_3_VERSION_DRAFT
+ || candidate_vers == TLS1_3_VERSION_DRAFT_27
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
+ if (best_vers == TLS1_3_VERSION
+ && orig_candidate > candidate_vers)
+ continue;
+ orig_candidate = candidate_vers;
candidate_vers = TLS1_3_VERSION;
+ } else if (candidate_vers == TLS1_3_VERSION) {
+ /* Don't actually accept real TLSv1.3 */
+ continue;
+ }
/*
* TODO(TLS1.3): There is some discussion on the TLS list about
* whether to ignore versions <TLS1.2 in supported_versions. At the
*/
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
- for (vent = table;
- vent->version != 0 && vent->version != (int)candidate_vers;
- ++vent)
- continue;
- if (vent->version != 0 && vent->smeth != NULL) {
- const SSL_METHOD *method;
-
- method = vent->smeth();
- if (ssl_method_error(s, method) == 0) {
- best_vers = candidate_vers;
- best_method = method;
- }
- }
+ if (ssl_version_supported(s, candidate_vers, &best_method))
+ best_vers = candidate_vers;
}
if (PACKET_remaining(&versionslist) != 0) {
/* Trailing data? */
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
+ /* TODO(TLS1.3): Remove this before release */
+ if (best_vers == TLS1_3_VERSION)
+ s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}