Closed
Bug 1252745
Opened 8 years ago
Closed 8 years ago
Signed certificate timestamp extension doesn't work in TLS 1.3
Categories
(NSS :: Libraries, defect)
Tracking
(firefox47 affected)
RESOLVED
FIXED
3.28
Tracking | Status | |
---|---|---|
firefox47 | --- | affected |
People
(Reporter: mt, Assigned: mt)
This is largely because we were talked into accepting a dodgy memory management scheme for the extension data, but it is more than that. The state is copied into the session (so that it is available after resumption), but that session isn't available in TLS <=1.2 until after the extension processing. In TLS 1.3, this extension should be in EncryptedExtensions, which means that the session will be available.
Comment 1•8 years ago
The simplest fix would be to:
a) add this to KnownExtensions
b) in the client handler, copy the extension data over to the session if the version is TLS 1.3

That is, however, a disgusting option.
Blocks: tls13
Comment 2•8 years ago
Review: https://nss-review.dev.mozaws.net/D50
Code: https://hg.mozilla.org/projects/nss/rev/467e55ab450c
Assignee: nobody → martin.thomson
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28