[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Wed Aug 26 09:31:55 UTC 2015

The branch OpenSSL_1_0_2-stable has been updated
       via  2f2295a5961f942d0e1f5676166513fa57a1903b (commit)
      from  8e0b56b99647872cde4c4770852e1be04a8d243b (commit)

- Log -----------------------------------------------------------------
commit 2f2295a5961f942d0e1f5676166513fa57a1903b
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Aug 13 10:06:30 2015 +0100

    Fix DTLS session ticket renewal
    A DTLS client will abort a handshake if the server attempts to renew the
    session ticket. This is caused by a state machine discrepancy between DTLS
    and TLS discovered during the state machine rewrite work.
    The bug can be demonstrated as follows:
    Start a DTLS s_server instance:
    openssl s_server -dtls
    Start a client and obtain a session but no ticket:
    openssl s_client -dtls -sess_out session.pem -no_ticket
    Now start a client reusing the session, but allow a ticket:
    openssl s_client -dtls -sess_in session.pem
    The client will abort the handshake.
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit ee4ffd6fccd169775ba74afb1dbfecff48ee413d)


Summary of changes:
 ssl/d1_clnt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index c84df98..feeaf6d 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -382,6 +382,10 @@ int dtls1_connect(SSL *s)
                     s->state = SSL3_ST_CR_FINISHED_A;
+                    if (s->tlsext_ticket_expected) {
+                        /* receive renewed session ticket */
+                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                    }
                 } else
                     s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;

More information about the openssl-commits mailing list