[gnutls-devel] GnuTLS | handshake: defer setting downgrade sentinel until version is selected (!918)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Feb 18 17:47:05 CET 2019

Daiki Ueno commented on a discussion on lib/handshake.c:

>  	_gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, session->security_parameters.pversion->name);
> +	/* set downgrade sentinel if the server supports TLS 1.3 and

OK, so I ended up with regenerating server random upon handling "supported_versions" extension - that could effectively delay the setting of downgrade sentinel.

Also modified `rnd-check-rollback-val.c` to cover the resumption case.

Thank you for the suggestions.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/918#note_142376123
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190218/50ab2351/attachment-0001.html>

More information about the Gnutls-devel mailing list