author | Leander Schwarz <lschwarz@mozilla.com> | 2023-01-16 17:56:45 +0000 |
---|---|---|
committer | Leander Schwarz <lschwarz@mozilla.com> | 2023-01-16 17:56:45 +0000 |
commit | cf55859f44ab6f15a2e0d0c66c29c313e38b3070 (patch) | |
tree | bda932acea2d8e41c92945cde4b3c463784f6809 /lib | |
parent | 8fbccd58013ff02d09c796ac1fbdbdf2382747e6 (diff) | |
download | nss-hg-cf55859f44ab6f15a2e0d0c66c29c313e38b3070.tar.gz |
Bug 1790357: ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D157110
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/ssl3con.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index e05dc0612..103e41581 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -5352,6 +5352,14 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type) if (!suite || !ssl3_config_match(suite, ss->ssl3.policy, &vrange, ss)) { sidOK = PR_FALSE; } + + /* Check that no (valid) ECHConfigs are setup in combination with a + * (resumable) TLS < 1.3 session id. */ + if (!PR_CLIST_IS_EMPTY(&ss->echConfigs)) { + /* If there are ECH configs, the client must not resume but + * offer ECH. */ + sidOK = PR_FALSE; + } } /* Check that we can recover the master secret. */ |
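Review bot: The new condition in ssl3_SendClientHello tests only `!PR_CLIST_IS_EMPTY(&ss->echConfigs)`, but its comment promises two things the visible lines do not check: that the configs are "(valid)" and that the session is "TLS < 1.3". The version restriction can only come from the enclosing block, whose condition lies outside this hunk. Please name that guard in the comment or make the version test explicit next to the ECH check, so that a later change to the outer branch cannot silently disable TLS 1.3 resumption whenever ECH configs are present. If list membership is what makes a config "valid" here, the comment should say so. The outer and inner comments also state nearly the same thing and could be merged into one.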