From 6062a274bbbefdf2d5d596fe6b6f004789fb4219 Mon Sep 17 00:00:00 2001
From: Leander Schwarz
Date: Fri, 26 Aug 2022 14:35:37 +0000
Subject: Bug 1779361 - Removed skipping of ECH on equality of private and public SNI server name. r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D151696
---
 gtests/nss_bogo_shim/config.json | 2 +-
 lib/ssl/tls13ech.c | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/gtests/nss_bogo_shim/config.json b/gtests/nss_bogo_shim/config.json
index 6d9b51985..e431730ed 100644
--- a/gtests/nss_bogo_shim/config.json
+++ b/gtests/nss_bogo_shim/config.json
@@ -44,7 +44,7 @@
 "*ECH*CompressSupportedVersions":"NSS never compresses supported versions, Bogo does if CHOuter is TLS 1.3 only (equal to CHInner).",
 "*ECH*NoSupportedConfigs*":"NSS throws error if unsupported but well formed retry configs could not be set on client, Bogo just does not offer ECH.",
 "*ECH*RandomHRR*":"NSS sends real ECH in CH2 after receiving HRR rejcting ECH formally, Bogo expects instant ech_required alert. Bug 1779357",
- "*ECH*ServerName*":"TODO",
+ "*ECH*UnsolicitedInnerServerNameAck*":"TODO",
 "####################":"####################",
 "### TLS1/11 failures due to unsupported signature algorithms":"",
diff --git a/lib/ssl/tls13ech.c b/lib/ssl/tls13ech.c
index 37d35c5bd..7b485720c 100644
--- a/lib/ssl/tls13ech.c
+++ b/lib/ssl/tls13ech.c
@@ -762,11 +762,6 @@ tls13_ClientSetupEch(sslSocket *ss, sslClientHelloType type)
 * KDF/AEADs, so just use the first. */
 cfg = (sslEchConfig *)PR_LIST_HEAD(&ss->echConfigs);
- /* Skip ECH if the public name matches the private name. */
- if (0 == PORT_Strcmp(cfg->contents.publicName, ss->url)) {
- return SECSuccess;
- }
-
 SSL_TRC(50, ("%d: TLS13[%d]: Setup client ECH",
 SSL_GETPID(), ss->fd));
-- cgit v1.2.1
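Review bot: The narrowed entry `"*ECH*UnsolicitedInnerServerNameAck*":"TODO"` in the config.json hunk still gives no reason, while the neighbouring ECH entries each state how NSS and Bogo differ and one cites a bug. These entries appear to be test exceptions for the Bogo shim, so a bare "TODO" leaves an ECH server-name acknowledgement check excluded with nothing tracking it. The value should record the divergence and where it is tracked, e.g. `"*ECH*UnsolicitedInnerServerNameAck*":"<how NSS differs from Bogo here>. Bug <BUG_ID>",`. The enclosing JSON object starts and ends outside the hunk, so whether this pattern is covered elsewhere cannot be seen from here.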