projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f023ba2) | patch
Add an anti-replay mechanism
authorMatt Caswell <matt@openssl.org>
Fri, 16 Mar 2018 09:25:34 +0000 (09:25 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 19 Mar 2018 12:21:41 +0000 (12:21 +0000)
commit66d7de163491bfa5819fb80b77d321beb58384d4
treeb2a5fcb49174f0d108ed54d15218c64dd74a0afctree | snapshot
parentf023ba2df821d186d73fefda6fa5cafcc5a3ee39commit | diff
Add an anti-replay mechanism

If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
ssl/ssl_sess.c diff | blob | history
ssl/statem/extensions_srvr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.