Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Benjamin <davidben@google.com>2016-07-14 04:02:08 +0300
committerDavid Benjamin <davidben@google.com>2016-07-14 18:49:47 +0300
commite907765021a5972eece47152f11a9fc7b8286210 (patch)
tree53d5112fab03292dec2b224d50798b0277b2ef1a
parent6e6abe1f4401dffd38c662964e0f94cd5615fadf (diff)
Enforce that EMS is not advertised in TLS 1.3.
The extension is not defined in TLS 1.3. Change-Id: I5eb85f7142be7e11f1a9c0e4680e8ace9ac50feb Reviewed-on: https://boringssl-review.googlesource.com/8771 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
Diffstat
-rw-r--r--ssl/test/runner/handshake_client.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 10c847e3..b402a34f 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -986,6 +986,10 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server
return errors.New("server advertised Channel ID over TLS 1.3")
}
+ if serverExtensions.extendedMasterSecret && c.vers >= VersionTLS13 && enableTLS13Handshake {
+ return errors.New("tls: server advertised extended master secret over TLS 1.3")
+ }
+
if serverExtensions.srtpProtectionProfile != 0 {
if serverExtensions.srtpMasterKeyIdentifier != "" {
return errors.New("tls: server selected SRTP MKI value")
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 19:37:22 +0300