Closed
Bug 1246265
Opened 8 years ago
Closed 8 years ago
selfserv and tstclnt don't properly support TLS 1.3
Categories
(NSS :: Tools, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.23
People
(Reporter: ekr, Unassigned)
Details
Attachments
(1 file)
1.58 KB, patch (mt: review+, ttaubert: review+)
There are three problems:
- SECUtil doesn't properly parse the 1.3 token.
- The server will accept 1.3 in a v2 client hello.
- The client will generate a v2 client hello unless v2 is configured off.
I am fixing the first two. The second will go away with Tim's v2 patch.
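The second problem in the description, a server accepting 1.3 inside a v2-format ClientHello, comes down to a version check at parse time. As an added example (not NSS code and not part of the attached patch), this stand-alone C check parses the SSLv2-compatible ClientHello layout from RFC 5246 Appendix E.2 and refuses any offer of TLS 1.3 or later; the function names, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_1_3_VERSION 0x0304 /* wire value of TLS 1.3 */

/* Hypothetical result codes for this example. */
enum v2hello_result {
    V2HELLO_OK,        /* well-formed; version may go on to negotiation */
    V2HELLO_NOT_V2,    /* not an SSLv2-format record */
    V2HELLO_MALFORMED, /* truncated or inconsistent lengths */
    V2HELLO_FORBIDDEN  /* offers TLS 1.3 or later in the v2 format */
};

/* Check one SSLv2-format ClientHello; on V2HELLO_OK, *version is set. */
enum v2hello_result
check_v2_client_hello(const uint8_t *buf, size_t len, uint16_t *version)
{
    if (len < 2 || (buf[0] & 0x80) == 0)
        return V2HELLO_NOT_V2;          /* 2-byte v2 header has top bit set */
    size_t body = ((size_t)(buf[0] & 0x7f) << 8) | buf[1];
    if (body < 9 || len - 2 < body)
        return V2HELLO_MALFORMED;
    const uint8_t *p = buf + 2;
    if (p[0] != 0x01)                   /* msg_type 1 = CLIENT-HELLO */
        return V2HELLO_MALFORMED;
    uint16_t v = (uint16_t)((p[1] << 8) | p[2]);
    size_t cs = ((size_t)p[3] << 8) | p[4];   /* cipher_spec_length */
    size_t sid = ((size_t)p[5] << 8) | p[6];  /* session_id_length */
    size_t ch = ((size_t)p[7] << 8) | p[8];   /* challenge_length */
    if (cs == 0 || cs % 3 != 0 || cs + sid + ch != body - 9)
        return V2HELLO_MALFORMED;
    if (v >= TLS_1_3_VERSION)           /* reject before storing any state */
        return V2HELLO_FORBIDDEN;
    *version = v;
    return V2HELLO_OK;
}

/* Constructed sample: one cipher spec, no session id, 16-byte challenge. */
size_t make_sample_v2_hello(uint8_t out[30], uint16_t version)
{
    const uint8_t hdr[11] = { 0x80, 28, 0x01, (uint8_t)(version >> 8),
                              (uint8_t)(version & 0xff), 0, 3, 0, 0, 0, 16 };
    memcpy(out, hdr, sizeof hdr);
    out[11] = 0x00; out[12] = 0x00; out[13] = 0x2f; /* 3-byte cipher spec */
    memset(out + 14, 0xAA, 16);                     /* placeholder challenge */
    return 30;
}
```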
Reporter
Comment 1•8 years ago
Attachment #8716445 - Flags: review?(ttaubert)
Attachment #8716445 - Flags: review?(martin.thomson)
Comment 2•8 years ago
Comment on attachment 8716445 [details] [diff] [review] 0001-Bug-1246265.-Fix-tstclnt-and-selfserv-for-TLS-1.3.patch Review of attachment 8716445 [details] [diff] [review]: ----------------------------------------------------------------- ::: lib/ssl/ssl3con.c @@ +9001,5 @@ > ss->clientHelloVersion = version; > > + if (version >= SSL_LIBRARY_VERSION_TLS_1_3) { > + /* [draft-ietf-tls-tls-11; C.3] forbids sending a TLS 1.3 > + * ClientHello using the backwards-compatible format. */ This is good, just wanted to note that ssl3_HandleV2ClientHello() will go away with SSLv2 too.
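Review bot: the draft citation in the added comment reads [draft-ietf-tls-tls-11; C.3], which looks like a truncated form of the TLS 1.3 draft name (draft-ietf-tls-tls13-11); spelling it out in full would make the reference findable. Separately, the new check sits after `ss->clientHelloVersion = version;`, so the rejected 1.3 value is already stored when the branch is taken; moving the check above the assignment, or confirming that the branch always aborts the handshake, would keep connection state clean. The body of the branch is not visible in the quoted lines.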
Attachment #8716445 - Flags: review?(ttaubert) → review+
Reporter
Comment 3•8 years ago
Committed as: https://hg.mozilla.org/projects/nss/rev/f143c3a57499
TTaubert: some people have complained about removing ssl3_HandleV2ClientHello so I figured I better fix it just in case.
Updated•8 years ago
Attachment #8716445 - Flags: review?(martin.thomson) → review+
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.23