Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/ssl3con.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index e05dc0612..103e41581 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -5352,6 +5352,14 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
if (!suite || !ssl3_config_match(suite, ss->ssl3.policy, &vrange, ss)) {
sidOK = PR_FALSE;
}
+
+ /* Check that no (valid) ECHConfigs are setup in combination with a
+ * (resumable) TLS < 1.3 session id. */
+ if (!PR_CLIST_IS_EMPTY(&ss->echConfigs)) {
+ /* If there are ECH configs, the client must not resume but
+ * offer ECH. */
+ sidOK = PR_FALSE;
+ }
}
/* Check that we can recover the master secret. */
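Review bot: The added check `if (!PR_CLIST_IS_EMPTY(&ss->echConfigs))` tests only that the list is non-empty, while the comment above it speaks of "(valid)" ECHConfigs and of a TLS < 1.3 session id; neither condition is established by the lines in this hunk. The version restriction presumably comes from the enclosing branch, which starts outside the hunk, so the comment should say so, and the two overlapping comments can be merged into one, e.g. `/* This branch handles pre-1.3 sessions: with ECH configs set the client must offer ECH, so do not resume. */`. If `echConfigs` can ever hold entries the client cannot actually use, resumption would be disabled without ECH being offered, so it is worth confirming that only validated configs are added to the list. In the comment, "setup" should read "set up".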