diff options
author | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2022-11-10 14:09:37 +0100 |
---|---|---|
committer | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2023-01-27 15:13:26 +0100 |
commit | 91a59254eeb41a22d6e17d528ff4d8c3f62a3a7c (patch) | |
tree | dab6f67d457f77cd254197768afeda839abd0bb1 | |
parent | 9ce52c6749964105d7a44bb4dc3977dac266873d (diff) | |
download | gnutls-91a59254eeb41a22d6e17d528ff4d8c3f62a3a7c.tar.gz |
DTLS1_3: Disable TLS1_3 compatibility mode
disable rfc8446#appendix-D.4
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
-rw-r--r-- | lib/handshake-tls13.c | 3 | ||||
-rw-r--r-- | lib/handshake.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c index d2c2c1389a..8dee8d1186 100644 --- a/lib/handshake-tls13.c +++ b/lib/handshake-tls13.c @@ -84,7 +84,8 @@ int _gnutls13_handshake_client(gnutls_session_t session) case STATE99: case STATE100: #ifdef TLS13_APPENDIX_D4 - if (session->internals.priorities->tls13_compat_mode && + if (!IS_DTLS(session) && + session->internals.priorities->tls13_compat_mode && /* Key change is indicated by sending an EndOfEarlyData below */ !(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) { /* We send it before keys are generated. That works because CCS diff --git a/lib/handshake.c b/lib/handshake.c index a309e61675..38718b6d52 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2266,7 +2266,7 @@ static int send_client_hello(gnutls_session_t session, int again) } #ifdef TLS13_APPENDIX_D4 - if (max_ver->tls13_sem && + if (max_ver->tls13_sem && max_ver->transport == GNUTLS_STREAM && session->internals.priorities->tls13_compat_mode && !resuming) { if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED)) { |