From: Matt Caswell Date: Wed, 2 Nov 2016 11:33:20 +0000 (+0000) Subject: Add a TODO(TLS1.3) about renegotation X-Git-Tag: OpenSSL_1_1_1-pre1~3121 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d2f42576c46ce84662134a68ccbf76bd1cf639ba;p=oweals%2Fopenssl.git Add a TODO(TLS1.3) about renegotation Renegotiation does not exist in TLS1.3, so we need to disable it at some point. Reviewed-by: Rich Salz --- diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 117462a81e..6c51699d33 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello) switch (server_version) { default: + /* + * TODO(TLS1.3): This check will fail if someone attempts to do + * renegotiation in TLS1.3 at the moment. We need to ensure we disable + * renegotiation for TLS1.3 + */ if (version_cmp(s, client_version, s->version) < 0) return SSL_R_WRONG_SSL_VERSION; /*
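Review bot: The TODO added in the `default:` case of `ssl_choose_server_version()` says the `version_cmp(s, client_version, s->version) < 0` check "will fail" on a TLS1.3 renegotiation, but it does not say why it fails or where the disabling is meant to happen, so whoever picks it up has to rediscover both. Consider stating the failure mode in the comment (from the visible lines, the only outcome of this check is `return SSL_R_WRONG_SSL_VERSION;`, so a renegotiation attempt would be reported as a version mismatch rather than as an explicit refusal) and naming the intended fix location, since rejecting renegotiation inside version selection would be late; a guard before this function is reached seems the more natural place. The hunk changes no behaviour, so until the TODO is resolved the error path above is what a peer attempting renegotiation gets. Minor: the subject line spells it "renegotation", while the body and the comment use "renegotiation"; fixing the subject would keep it findable when searching the log.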