tls13: check if the session ticket is compatible with key exchange modes
The server checks whether the ticket_flags are compatible with the key exchange modes advertised in the Pre-Shared Key Exchange Modes extension. An incompatible ticket should be marked as not matched. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
parent
9f92695c8d
commit
c55eeb682d
1 changed files with 18 additions and 0 deletions
|
@ -249,6 +249,24 @@ static int ssl_tls13_offered_psks_check_identity_match(
|
|||
if (ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
ssl, identity, identity_len, obfuscated_ticket_age,
|
||||
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
||||
/* RFC 8446 section 4.2.9
|
||||
*
|
||||
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
|
||||
* compatible with the advertised modes; however, if a server does so,
|
||||
* the impact will just be that the client's attempts at resumption fail.
|
||||
*
|
||||
* We regard the ticket with incompatible key exchange modes as not match.
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4,
|
||||
session->ticket_flags);
|
||||
if (mbedtls_ssl_tls13_check_kex_modes(ssl,
|
||||
mbedtls_ssl_tls13_session_get_ticket_flags(session,
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL)))
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
|
||||
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
|
||||
}
|
||||
|
||||
ssl->handshake->resume = 1;
|
||||
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
|
||||
mbedtls_ssl_set_hs_psk(ssl,
|
||||
|
|
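Review bot: The new early `return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;` is taken after `ssl_tls13_offered_psks_check_identity_match_ticket()` has already reported a match, so `session` has presumably been filled from the decrypted ticket by then, and the hunk does not show whether the caller clears that state when the identity is rejected. It is worth confirming that a ticket rejected for its key exchange modes leaves nothing in `session` that the next offered identity or the fallback full handshake could pick up, and recording that in the comment, e.g. `/* session is reset by the caller on NOT_MATCH */` if that holds. The condition also reads as though a passing check led to rejection: judging by the debug message, `mbedtls_ssl_tls13_check_kex_modes()` returns non-zero when no mode is shared, so a one-line comment such as `/* non-zero: no key exchange mode in common */` above the `if` would prevent a later inversion. The enclosing function starts and ends outside the hunk.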