On Tue, May 5, 2020 at 2:40 PM <jor...@apache.org> wrote:
>
> - /* With TLS 1.3 this callback may be called multiple times on the first
> - * negotiation, so the below logic to detect renegotiations can't work.
> - * Fortunately renegotiations are forbidden starting with TLS 1.3, and
> - * this is enforced by OpenSSL so there's nothing to be done here.
> - */
> -#if SSL_HAVE_PROTOCOL_TLSV1_3
> - if (SSL_version(ssl) < TLS1_3_VERSION)
> -#endif
> +#ifndef SSL_OP_NO_RENEGOTATION
> + /* With OpenSSL < 1.1.1 (implying TLS v1.2 or earlier), this
> + * callback is used to block client-initiated renegotiation. With
> + * TLSv1.3 it is unnecessary since renegotiation is forbidden at
> + * protocol level. Otherwise (TLSv1.2 with OpenSSL >=1.1.1),
> + * SSL_OP_NO_RENEGOTATION is used to block renegotiation. */
> {
Maybe this needs to stay a runtime check because of (possible) "-TLSv1.3"?
(I didn't look at the other places where we now assume(?) that openssl
>= 1.1.1 will do the right things wrt renegotiations even if the
actual protocol is < TLSv1.3).
Regards;
Yann.
