From cda6b99867e5f353c9c9da7127a92c4bf902a2f4 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 11 Jan 2017 16:29:38 +0000 Subject: [PATCH] Disable requests for renegotiation in TLSv1.3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2259) --- ssl/ssl_lib.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8e6a14393c..e9b566bea8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1716,6 +1716,10 @@ int SSL_shutdown(SSL *s) int SSL_renegotiate(SSL *s) { + /* Do nothing in TLS1.3 */ + if (SSL_IS_TLS13(s)) + return 1; + if (s->renegotiate == 0) s->renegotiate = 1; @@ -1726,6 +1730,10 @@ int SSL_renegotiate(SSL *s) int SSL_renegotiate_abbreviated(SSL *s) { + /* Do nothing in TLS1.3 */ + if (SSL_IS_TLS13(s)) + return 1; + if (s->renegotiate == 0) s->renegotiate = 1; -- 2.25.1