[gnutls-devel] GnuTLS | handshake: defer setting downgrade sentinel until version is selected (!918)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Feb 12 21:26:47 CET 2019


Nikos Mavrogiannopoulos started a new discussion on lib/handshake.c:

>  
>  	_gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, session->security_parameters.pversion->name);
>  
> +	/* set downgrade sentinel if the server supports TLS 1.3 and

This will not set the special value if the server resumes a TLS1.2 session with session IDs. I'm not sure that's necessarily bad as the RFC doesn't say anything about resumption.

Another side-effect is `_gnutls_user_hello_func` can be simplified, and does no longer need to call `_gnutls_gen_server_random` if I read it correctly.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/918#note_140686177
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190212/3fb10770/attachment.html>


More information about the Gnutls-devel mailing list