From 77499013aadc0df36e23c7451262828977c93279 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 17 Sep 2022 17:14:06 +0000 Subject: [PATCH] Allow TLSv1.3 clients to send CCS without middlebox compatibility mode. While RFC 8446 is clear about what legacy session identifiers can be sent by a TLSv1.3 client and how middlebox compatibility mode is requested, it is delightfully vague about the circumstances under which a client is permitted to send CCS messages. While it does not make sense for a client to send CCS messages when they are not requesting middlebox compatibility mode, it is not strictly forbidden by the RFC and at least one (unknown) TLSv1.3 stack has been observed to do this in the wild. Revert part of the previous change and allow clients to send CCS messages, even if they are not requesting middlebox compatibility mode. Found the hard way by florian@ ok tb@ --- src/lib/libssl/tls13_server.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index b1612a86e51..82350702dc7 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.102 2022/09/11 14:39:44 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.103 2022/09/17 17:14:06 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -318,9 +318,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) if (ctx->hs->key_share != NULL) ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR; - /* Only allow CCS if client requested middlebox compatibility mode. */ - if (ctx->hs->tls13.legacy_session_id_len > 0) - tls13_record_layer_allow_ccs(ctx->rl, 1); + tls13_record_layer_allow_ccs(ctx->rl, 1); return 1;
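
Review bot: In the tls13_client_hello_recv hunk, the now-unconditional `tls13_record_layer_allow_ccs(ctx->rl, 1);` call is left without any comment, so a later reader could take the missing `legacy_session_id_len` check for an oversight and put it back. Suggest a short comment above the call saying that CCS is accepted whether or not the client requested middlebox compatibility mode, because RFC 8446 does not strictly forbid it and a TLSv1.3 stack has been observed sending it, as the commit message explains. A regression test that sends a ClientHello with an empty legacy session identifier followed by a CCS would also pin down the behaviour this revert restores.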