[openssl-users] Issue with TLS1.3 and s_time

Roelof Du Toit Roelof_Dutoit at symantec.com
Wed Jul 12 18:43:10 UTC 2017


This seems to be a bug in how s_time handles the TLS 1.3 post-handshake NewSessionTicket message; more specifically: not handling the retry when SSL_read() returns -1.

The following diff (in tls1.3-draft-19 branch) appears to resolve the issue:

$ git diff
diff --git a/apps/s_time.c b/apps/s_time.c
index 998ef72..caa1b22 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -234,8 +234,8 @@ int s_time_main(int argc, char **argv)
                                    fmt_http_get_cmd, www_path);
             if (SSL_write(scon, buf, buf_len) <= 0)
                 goto end;
-            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
-                bytes_read += i;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || BIO_should_retry(SSL_get_rbio(scon)))
+                if (i > 0) bytes_read += i;
         }
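Review bot: In the new `while` condition the retry decision is taken from `BIO_should_retry(SSL_get_rbio(scon))` instead of `SSL_get_error(scon, i)`, which is the documented way to classify a non-positive `SSL_read()` return. Consider continuing only when `SSL_get_error(scon, i)` reports `SSL_ERROR_WANT_READ`, so the loop exit depends on the SSL-level result rather than on BIO flag state, and a fatal error or shutdown always ends the loop. On style, the condition line runs well past 80 columns and `if (i > 0) bytes_read += i;` keeps the statement on the same line as the `if`, unlike the `if (SSL_write(...) <= 0)` / `goto end;` lines just above; wrapping the condition and moving the increment to its own line would match the surrounding code.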


--Roelof