From cf55859f44ab6f15a2e0d0c66c29c313e38b3070 Mon Sep 17 00:00:00 2001
From: Leander Schwarz <lschwarz@mozilla.com>
Date: Mon, 16 Jan 2023 17:56:45 +0000
Subject: Bug 1790357: ECH client - Discard resumption TLS < 1.3
 Session(IDs|Tickets) if ECH configs are setup. r=djackson

Differential Revision: https://phabricator.services.mozilla.com/D157110
---
 lib/ssl/ssl3con.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib')

diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index e05dc0612..103e41581 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -5352,6 +5352,14 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
             if (!suite || !ssl3_config_match(suite, ss->ssl3.policy, &vrange, ss)) {
                 sidOK = PR_FALSE;
             }
+
+            /* Check that no (valid) ECHConfigs are setup in combination with a
+             * (resumable) TLS < 1.3 session id. */
+            if (!PR_CLIST_IS_EMPTY(&ss->echConfigs)) {
+                /* If there are ECH configs, the client must not resume but
+                 * offer ECH. */
+                sidOK = PR_FALSE;
+            }
         }
 
         /* Check that we can recover the master secret. */
-- 
cgit v1.2.1