diff options
author | Péter Dimitrov <[email protected]> | 2019-07-25 14:16:34 +0200 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-07-25 14:57:23 +0200 |
commit | b08621c8a9bf4f8e780de8bba022ad902308cfc8 (patch) | |
tree | b4c8f6911114b6c30f490305acd6697972c6163f | |
parent | 73b526ce765dc7ac71fdae349da44941d8201d9c (diff) | |
download | otp-b08621c8a9bf4f8e780de8bba022ad902308cfc8.tar.gz otp-b08621c8a9bf4f8e780de8bba022ad902308cfc8.tar.bz2 otp-b08621c8a9bf4f8e780de8bba022ad902308cfc8.zip |
ssl: Fix handshake pause in TLS 1.3
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 6 | ||||
-rw-r--r-- | lib/ssl/src/tls_record_1_3.erl | 9 | ||||
-rw-r--r-- | lib/ssl/test/ssl_api_SUITE.erl | 2 |
3 files changed, 15 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 0585aebcb2..bd2efa9fbb 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1508,8 +1508,12 @@ extension_value(#signature_algorithms_cert{signature_scheme_list = Schemes}) -> Schemes; extension_value(#key_share_client_hello{client_shares = ClientShares}) -> ClientShares; +extension_value(#key_share_server_hello{server_share = ServerShare}) -> + ServerShare; extension_value(#client_hello_versions{versions = Versions}) -> - Versions. + Versions; +extension_value(#server_hello_selected_version{selected_version = SelectedVersion}) -> + SelectedVersion. %%-------------------------------------------------------------------- diff --git a/lib/ssl/src/tls_record_1_3.erl b/lib/ssl/src/tls_record_1_3.erl index 74321a1ae2..d713062284 100644 --- a/lib/ssl/src/tls_record_1_3.erl +++ b/lib/ssl/src/tls_record_1_3.erl @@ -138,6 +138,15 @@ decode_cipher_text(#ssl_tls{type = ?ALERT, {#ssl_tls{type = ?ALERT, version = {3,4}, %% Internally use real version fragment = <<2,47>>}, ConnectionStates0}; +%% TLS 1.3 server can receive a User Cancelled Alert when handshake is +%% paused and then cancelled on the client side. +decode_cipher_text(#ssl_tls{type = ?ALERT, + version = ?LEGACY_VERSION, + fragment = <<2,90>>}, + ConnectionStates0) -> + {#ssl_tls{type = ?ALERT, + version = {3,4}, %% Internally use real version + fragment = <<2,90>>}, ConnectionStates0}; %% RFC8446 - TLS 1.3 %% D.4. Middlebox Compatibility Mode %% - If not offering early data, the client sends a dummy diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl index 4b44b4dc3e..989f36164f 100644 --- a/lib/ssl/test/ssl_api_SUITE.erl +++ b/lib/ssl/test/ssl_api_SUITE.erl @@ -45,7 +45,7 @@ all() -> groups() -> [ %%{'tlsv1.3', [], gen_api_tests() ++ handshake_paus_tests()}, - {'tlsv1.3', [], ((gen_api_tests() ++ tls13_group()) -- [dh_params, honor_server_cipher_order, honor_client_cipher_order, + {'tlsv1.3', [], ((gen_api_tests() ++ tls13_group() ++ handshake_paus_tests()) -- [dh_params, honor_server_cipher_order, honor_client_cipher_order, new_options_in_handshake]) ++ (since_1_2() -- [conf_signature_algs])}, {'tlsv1.2', [], gen_api_tests() ++ since_1_2() ++ handshake_paus_tests() ++ pre_1_3()}, |