Skip to content

Commit

Permalink
checking legacy_session_id_echo
Browse files Browse the repository at this point in the history
  • Loading branch information
@kazu-yamamoto
kazu-yamamoto committed Dec 7, 2023
1 parent df9f4e7 commit 303f2d7
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions core/Network/TLS/Handshake/Client.hs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -770,6 +770,10 @@ onServerHello ctx cparams clientSession sentExts (ServerHello rver serverRan ser

ver <- usingState_ ctx getVersion

when (ver == TLS13 && clientSession /= serverSession) $
throwCore $
Error_Protocol "session is not matched in compatibility mode" IllegalParameter

-- Some servers set TLS 1.2 as the legacy server hello version, and TLS 1.3
-- in the supported_versions extension, *AND ALSO* set the TLS 1.2
-- downgrade signal in the server random. If we support TLS 1.3 and
Expand Down

0 comments on commit 303f2d7

Please sign in to comment.