From 4954fd13b3c71f0f74677b78533f1176e13de032 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 29 Dec 2016 15:08:47 +0000
Subject: [PATCH] Temporarily ignore NewSessionTickets for TLS1.3

We can't handle these messages yet, so ignore them for now.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2157)
---
 ssl/record/rec_layer_s3.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 486da643d9..3ffe29ad00 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1374,6 +1374,16 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 }
 }
 
+ /*
+ * TODO(TLS1.3): Temporarily we will just ignore NewSessionTicket messages.
+ * Later we will want to process them.
+ */
+ if (!s->server && SSL_IS_TLS13(s) && s->rlayer.handshake_fragment_len >= 4
+ && s->rlayer.handshake_fragment[0] == SSL3_MT_NEWSESSION_TICKET) {
+ SSL3_RECORD_set_read(rr);
+ goto start;
+ }
+
 /*-
 * s->rlayer.handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
 * s->rlayer.alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
-- 
2.25.1
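Review bot: The added `if` in ssl3_read_bytes drops the record but never clears `s->rlayer.handshake_fragment_len`, and its condition tests only the buffered header, not the type of the record in `rr`. Unless the fragment is reset somewhere outside this hunk, the stale NewSessionTicket header would match again for every later handshake or alert record that reaches this point, so a KeyUpdate or a close_notify could be discarded silently. I would add `s->rlayer.handshake_fragment_len = 0;` before `SSL3_RECORD_set_read(rr);` and `&& SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE` to the condition. Marking the whole record read also loses any other handshake message coalesced into it and does not cover a ticket that spans records, which the TODO comment should state. The function starts and ends outside the hunk.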