Re: [openssl-dev] [openssl.org #4392] [PATCH] Resolve DTLS cookie and version before session resumption.
On Mon, Mar 07, 2016 at 10:03:20PM +, David Benjamin via RT wrote:
> Session resumption involves a version check, so version negotiation must
> happen first. Currently, the DTLS implementation cannot do session
> resumption in DTLS 1.0 because the ssl_version check always checks against
> 1.2.
>
> Switching the order also removes the need to fixup ssl_version in DTLS
> version negotiation.

This has been fixed in the master branch. The 1.0.x branches look like
they're affected too, so I'll leave this open.

Kurt

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4392
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4392] [PATCH] Resolve DTLS cookie and version before session resumption.
Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks against
1.2.

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

The DTLS1-ECDHE-RSA-AES256-SHA-server test (and any other
DTLS1-{cipher-name}-server test) in BoringSSL's test suite can be used to
repro this:
https://mta.openssl.org/pipermail/openssl-dev/2016-March/005779.html

David

Attachment: 0006-Resolve-DTLS-cookie-and-version-before-session-resum.patch
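
The ordering dependency described in the report above, as an added example that is not part of the thread, the attached patch, or OpenSSL's code. It is a simplified model covering only the version check (not the cookie exchange); the struct and function names are hypothetical, and only the two DTLS wire version values are real.

```c
#include <stdint.h>
#include <stdio.h>

#define DTLS1_VERSION   0xFEFF  /* DTLS 1.0 wire value */
#define DTLS1_2_VERSION 0xFEFD  /* DTLS 1.2 wire value */

/* Hypothetical, simplified state; not OpenSSL's structures. */
struct session { uint16_t ssl_version; };
struct conn    { uint16_t version; int resumed; };

/* DTLS wire versions are inverted: the numerically larger value is older,
 * so the highest version both sides support is the larger of the two. */
static uint16_t negotiate(uint16_t client_max, uint16_t server_max) {
    return client_max > server_max ? client_max : server_max;
}

/* Resumption version check: cached session must match the connection. */
static int try_resume(struct conn *c, const struct session *cached) {
    c->resumed = (cached != NULL && cached->ssl_version == c->version);
    return c->resumed;
}

/* Reported order: resume while version still holds the 1.2 default. */
int handshake_resume_first(uint16_t client_max, const struct session *cached) {
    struct conn c = { DTLS1_2_VERSION, 0 };
    try_resume(&c, cached);
    c.version = negotiate(client_max, DTLS1_2_VERSION);
    return c.resumed;
}

/* Order named in the patch title: resolve the version, then resume. */
int handshake_negotiate_first(uint16_t client_max, const struct session *cached) {
    struct conn c = { DTLS1_2_VERSION, 0 };
    c.version = negotiate(client_max, DTLS1_2_VERSION);
    return try_resume(&c, cached);
}

int main(void) {
    /* Constructed input: a session cached from an earlier DTLS 1.0 handshake. */
    struct session s10 = { DTLS1_VERSION };
    printf("resume first:    resumed=%d\n",
           handshake_resume_first(DTLS1_VERSION, &s10));
    printf("negotiate first: resumed=%d\n",
           handshake_negotiate_first(DTLS1_VERSION, &s10));
    return 0;
}
```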