diff options
author | David Benjamin <davidben@chromium.org> | 2015-03-17 01:02:20 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-04-07 00:40:32 +0300 |
commit | ece3de95c642ae9cc07c644039231178bc570710 (patch) | |
tree | 0a6c8837d46beaf5ce12d7b3c8a3bb45d86a4af6 /crypto/err | |
parent | 883e49fdd812271b1b657050688df432f73b1b8c (diff) |
Enforce that sessions are resumed at the version they're created.
After sharding the session cache for fallbacks, the numbers have been pretty
good; 0.03% on dev and 0.02% on canary. Stable is at 0.06% but does not have
the sharded session cache. Before sharding, stable, beta, and dev had been
fairly closely aligned. Between 0.03% being low and the fallback saving us in
all but extremely contrived cases, I think this should be fairly safe.
Add tests for both the cipher suite and protocol version mismatch checks.
BUG=441456
Change-Id: I2374bf64d0aee0119f293d207d45319c274d89ab
Reviewed-on: https://boringssl-review.googlesource.com/3972
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/ssl.errordata | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index 38aa7ed6..bd34db55 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -267,6 +267,7 @@ SSL,reason,195,NO_SRTP_PROFILES SSL,reason,196,NULL_SSL_CTX SSL,reason,197,NULL_SSL_METHOD_PASSED SSL,reason,198,OLD_SESSION_CIPHER_NOT_RETURNED +SSL,reason,273,OLD_SESSION_VERSION_NOT_RETURNED SSL,reason,199,PACKET_LENGTH_TOO_LONG SSL,reason,200,PARSE_TLSEXT SSL,reason,201,PATH_TOO_LONG |