authorFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2022-11-10 14:09:37 +0100
committerFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2023-01-27 15:13:26 +0100
commit91a59254eeb41a22d6e17d528ff4d8c3f62a3a7c (patch)
treedab6f67d457f77cd254197768afeda839abd0bb1
parent9ce52c6749964105d7a44bb4dc3977dac266873d (diff)
downloadgnutls-91a59254eeb41a22d6e17d528ff4d8c3f62a3a7c.tar.gz
DTLS1_3: Disable TLS1_3 compatibility mode
Disable the rfc8446#appendix-D.4 compatibility mode.

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
-rw-r--r--lib/handshake-tls13.c3
-rw-r--r--lib/handshake.c2
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index d2c2c1389a..8dee8d1186 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -84,7 +84,8 @@ int _gnutls13_handshake_client(gnutls_session_t session)
case STATE99:
case STATE100:
#ifdef TLS13_APPENDIX_D4
- if (session->internals.priorities->tls13_compat_mode &&
+ if (!IS_DTLS(session) &&
+ session->internals.priorities->tls13_compat_mode &&
/* Key change is indicated by sending an EndOfEarlyData below */
!(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) {
/* We send it before keys are generated. That works because CCS
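Review bot: The added `!IS_DTLS(session)` guard on the `STATE99`/`STATE100` condition covers only the client's ChangeCipherSpec, and both sites this commit touches (`_gnutls13_handshake_client` here, `send_client_hello` in lib/handshake.c) are client-side. If the server handshake has its own `TLS13_APPENDIX_D4` branches for sending CCS or echoing the session id, they are not visible in this diff and should be checked for the same DTLS gate, otherwise a DTLS 1.3 server would still emit compatibility-mode artefacts. A one-line comment above the new condition would record the reason, e.g. `/* DTLS 1.3 does not use the RFC 8446 Appendix D.4 compatibility mode */`. The enclosing switch and function continue outside the hunk.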
diff --git a/lib/handshake.c b/lib/handshake.c
index a309e61675..38718b6d52 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2266,7 +2266,7 @@ static int send_client_hello(gnutls_session_t session, int again)
}
#ifdef TLS13_APPENDIX_D4
- if (max_ver->tls13_sem &&
+ if (max_ver->tls13_sem && max_ver->transport == GNUTLS_STREAM &&
session->internals.priorities->tls13_compat_mode &&
!resuming) {
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED)) {
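Review bot: The transport test on the changed line is spelled `max_ver->transport == GNUTLS_STREAM`, while the matching guard in lib/handshake-tls13.c uses `!IS_DTLS(session)`; the two read from different objects (the highest enabled version entry versus the session), so they are only equivalent as long as the priority set never mixes transports. Using one predicate at both sites, e.g. `if (max_ver->tls13_sem && !IS_DTLS(session) &&` if the macro is in scope in this file, makes it clear that the ClientHello session id and the later CCS are gated identically. The diffstat lists only the two lib/ files, so no test appears to pin the behaviour; a DTLS 1.3 handshake test asserting an empty legacy session id and no CCS record would keep this from regressing. `send_client_hello` starts and ends outside the hunk.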