[openssl-dev] Session resume with different TLS version?

David Woodhouse dwmw2 at infradead.org
Tue Jul 26 23:29:28 UTC 2016


The deprecation of the version-specific methods such as
DTLSv1_client_method() has introduced a regression — the
SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method().

I'm looking into fixing that (in PR#1296 along with a test case and
some fixes for various other regressions). In doing so, I uncovered a
slightly more generic question...

If I am resuming a session with SSL_set_session(), and that previous
session used a specific protocol... should we negotiate that *same*
protocol again, effectively setting the minimum and maximum protocol
versions to s->session->ssl_version?

Given that DTLS1_BAD_VER only *ever* needs to be used in a session
resume, that would be a perfectly acceptable way to obtain it...

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation