[openssl-dev] TLS 1.3 client hello issue
Mahesh Bhoothapuri
maheshbhooth at gmail.com
Mon Sep 18 06:07:11 UTC 2017
Hi,
I am sending a TLS 1.3 client hello, and am seeing an issue with
ossl_statem_client_write_transition in statem_clnt.c.
    /*
     * Note that immediately before/after a ClientHello we don't know what
     * version we are going to negotiate yet, so we don't take this branch until
     * later
     */
    /*
     * ossl_statem_client_write_transition() works out what handshake state to
     * move to next when the client is writing messages to be sent to the server.
     */
    WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
    {
        if (SSL_IS_TLS13(s))
            return ossl_statem_client13_write_transition(s);
    }
And in:
    /*
     * ossl_statem_client_write_transition() works out what handshake state to
     * move to next when the client is writing messages to be sent to the server.
     */
    WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
    {
        /*
         * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
         * TLSv1.3 yet at that point. They are handled by
         * ossl_statem_client_write_transition().
         */
        switch (st->hand_state) {
        default:
            /* Shouldn't happen */
            return WRITE_TRAN_ERROR;
        }
With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is
TLS_ST_BEFORE and so the default error is returned.
When I added:
        case TLS_ST_BEFORE:
            st->hand_state = TLS_ST_CW_CLNT_HELLO;
            return WRITE_TRAN_CONTINUE;
The client hello gets sent out, but I only saw a TLS 1.2 version being sent.
Is this a bug?
Thanks,
Mahesh
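Added example, not part of the original message and not OpenSSL code: in TLS 1.3 as specified in RFC 8446, the ClientHello keeps its legacy_version field at 0x0303 and lists the versions actually offered in the supported_versions extension (type 43), so the version field alone does not show whether TLS 1.3 was offered. The sketch below checks a ClientHello body for an offered version. The names ch_offers and sample_hello and the sample bytes are constructed for illustration, and 0x0304 is the final RFC value (pre-RFC draft builds advertised a draft-specific value instead).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { const uint8_t *p; size_t n; } cur;   /* bounds-checked cursor */
static int get(cur *c, int bytes, uint32_t *v) {      /* big-endian read; -1 if short */
    if (c->n < (size_t)bytes) return -1;
    for (*v = 0; bytes-- > 0; c->n--) *v = (*v << 8) | *c->p++;
    return 0;
}
static int skip(cur *c, size_t k) {
    if (c->n < k) return -1;
    c->p += k; c->n -= k; return 0;
}

/* body = ClientHello without record/handshake headers. Returns 1 if extension
 * 43 (supported_versions) lists `want`, 0 if not, -1 if malformed. */
int ch_offers(const uint8_t *body, size_t len, uint16_t want, uint16_t *legacy) {
    cur c = { body, len }, e;
    uint32_t v, l, type;
    if (get(&c, 2, &v) || skip(&c, 32)) return -1;    /* legacy_version, random */
    *legacy = (uint16_t)v;
    if (get(&c, 1, &l) || skip(&c, l)) return -1;     /* session_id */
    if (get(&c, 2, &l) || skip(&c, l)) return -1;     /* cipher_suites */
    if (get(&c, 1, &l) || skip(&c, l)) return -1;     /* compression_methods */
    if (c.n == 0) return 0;                           /* no extensions at all */
    if (get(&c, 2, &l) || l != c.n) return -1;        /* extensions block length */
    while (c.n) {
        if (get(&c, 2, &type) || get(&c, 2, &l) || l > c.n) return -1;
        e.p = c.p; e.n = l; skip(&c, l);              /* e = this extension's data */
        if (type != 43) continue;
        if (get(&e, 1, &l) || l != e.n || (l & 1)) return -1;
        while (e.n) { get(&e, 2, &v); if (v == want) return 1; }
        return 0;
    }
    return 0;
}
/* Constructed sample: legacy_version 0x0303, supported_versions {0x0304, 0x0303}. */
size_t sample_hello(uint8_t *out) {
    static const uint8_t tail[] = { 0x00, 0x00,0x02,0x13,0x01, 0x01,0x00,
        0x00,0x09, 0x00,0x2b,0x00,0x05, 0x04, 0x03,0x04, 0x03,0x03 };
    out[0] = out[1] = 0x03; memset(out + 2, 0xAB, 32);   /* version, dummy random */
    memcpy(out + 34, tail, sizeof tail);
    return 34 + sizeof tail;
}
int main(void) {
    uint8_t buf[64]; uint16_t legacy;
    int tls13 = ch_offers(buf, sample_hello(buf), 0x0304, &legacy);
    printf("legacy_version=0x%04x offers_tls13=%d\n", legacy, tls13);
}
```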