Enforce that sessions are resumed at the version they're created.

After sharding the session cache for fallbacks, the numbers have been pretty good; 0.03% on dev and 0.02% on canary. Stable is at 0.06% but does not have the sharded session cache. Before sharding, stable, beta, and dev had been fairly closely aligned. Between 0.03% being low and the fallback saving us in all but extremely contrived cases, I think this should be fairly safe. Add tests for both the cipher suite and protocol version mismatch checks. BUG=441456 Change-Id: I2374bf64d0aee0119f293d207d45319c274d89ab Reviewed-on: https://boringssl-review.googlesource.com/3972 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-03-17 01:02:20 +0300
committer: Adam Langley <agl@google.com> 2015-04-07 00:40:32 +0300
commit: ece3de95c642ae9cc07c644039231178bc570710 (patch)
tree: 0a6c8837d46beaf5ce12d7b3c8a3bb45d86a4af6 /crypto/err
parent: 883e49fdd812271b1b657050688df432f73b1b8c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 38aa7ed6..bd34db55 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -267,6 +267,7 @@ SSL,reason,195,NO_SRTP_PROFILES
 SSL,reason,196,NULL_SSL_CTX
 SSL,reason,197,NULL_SSL_METHOD_PASSED
 SSL,reason,198,OLD_SESSION_CIPHER_NOT_RETURNED
+SSL,reason,273,OLD_SESSION_VERSION_NOT_RETURNED
 SSL,reason,199,PACKET_LENGTH_TOO_LONG
 SSL,reason,200,PARSE_TLSEXT
 SSL,reason,201,PATH_TOO_LONG
author	David Benjamin <davidben@chromium.org>	2015-03-17 01:02:20 +0300
committer	Adam Langley <agl@google.com>	2015-04-07 00:40:32 +0300
commit	ece3de95c642ae9cc07c644039231178bc570710 (patch)
tree	0a6c8837d46beaf5ce12d7b3c8a3bb45d86a4af6 /crypto/err
parent	883e49fdd812271b1b657050688df432f73b1b8c (diff)