Don't allow reconnect during handshake
Especially for resumed handshake, it's entirely possible for an epoch=0 ClientHello to be retransmitted or arrive so late that the server is already at epoch=1. There is no good way to detect whether it's that or a reconnect. However: - a late ClientHello seems more likely that client going down and then up again in the middle of a handshake - even if that's the case, we'll time out on that handshake soon enough - we don't want to break handshake flows that used to work So the safest option is to not treat that as a reconnect.
This commit is contained in:
parent
6ad23b9855
commit
ea5370d4a2
1 changed files with 1 additions and 0 deletions
|
@ -3542,6 +3542,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
* fact that the record header len is 13 instead.
|
||||
*/
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
rec_epoch == 0 &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_left > 13 &&
|
||||
|
|
Loading…
Reference in a new issue