Use the correct session resumption mechanism
Don't attempt to add a TLS1.3 session to a TLS1.2 ClientHello session
ticket extensions. Similarly don't add a TLS1.2 session to a TLS1.3
psk extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 1e6eddf..c17901a 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -191,7 +191,8 @@
return 1;
if (!s->new_session && s->session != NULL
- && s->session->ext.tick != NULL) {
+ && s->session->ext.tick != NULL
+ && s->session->ssl_version != TLS1_3_VERSION) {
ticklen = s->session->ext.ticklen;
} else if (s->session && s->ext.session_ticket != NULL
&& s->ext.session_ticket->data != NULL) {
@@ -674,10 +675,11 @@
s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
/*
- * If this is a new session then we have nothing to resume so don't add
- * this extension.
+ * If this is an incompatible or new session then we have nothing to resume
+ * so don't add this extension.
*/
- if (s->session->ext.ticklen == 0)
+ if (s->session->ssl_version != TLS1_3_VERSION
+ || s->session->ext.ticklen == 0)
return 1;
/*
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 046b665..b0df32b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -954,7 +954,7 @@
int tls_use_ticket(SSL *s)
{
- if ((s->options & SSL_OP_NO_TICKET) || SSL_IS_TLS13(s))
+ if ((s->options & SSL_OP_NO_TICKET))
return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
