Move ciphersuite selection before session resumption in TLSv1.3 This does things as per the recommendation in the TLSv1.3 spec. It also means that the server will always choose its preferred ciphersuite. Previously the server would only select ciphersuites compatible with the session. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)

commit: 0de6d66d36dc5f6d46247c63da71b73d7e8e018c [log] [tgz]
author: Matt Caswell <matt@openssl.org> Tue Jun 06 17:19:32 2017 +0100
committer: Matt Caswell <matt@openssl.org> Fri Jun 16 10:57:59 2017 +0100
tree: d92e55f710efb5c43ade2b2c7bdcf03317e9dccb
parent: ca0413ae14f8fc9cc840b8acaadd150ea290285f [diff] [blame]
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index fe181ab..39e6c07 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c

@@ -726,11 +726,8 @@
             continue;
 
         md = ssl_md(sess->cipher->algorithm2);
-        if (md == NULL) {
-            /*
-             * Don't recognise this cipher so we can't use the session.
-             * Ignore it
-             */
+        if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) {
+            /* The ciphersuite is not compatible with this session. */
             SSL_SESSION_free(sess);
             sess = NULL;
             continue;
commit	0de6d66d36dc5f6d46247c63da71b73d7e8e018c	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Tue Jun 06 17:19:32 2017 +0100
committer	Matt Caswell <matt@openssl.org>	Fri Jun 16 10:57:59 2017 +0100
tree	d92e55f710efb5c43ade2b2c7bdcf03317e9dccb
parent	ca0413ae14f8fc9cc840b8acaadd150ea290285f [diff] [blame]