Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 74022ee..19853ca 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -943,7 +943,7 @@
static int tls_use_ticket(SSL *s)
{
- if (s->options & SSL_OP_NO_TICKET)
+ if (s->options & SSL_OP_NO_TICKET || SSL_IS_TLS13(s))
return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
@@ -2287,7 +2287,8 @@
}
}
#endif /* OPENSSL_NO_EC */
- else if (currext->type == TLSEXT_TYPE_session_ticket) {
+ else if (currext->type == TLSEXT_TYPE_session_ticket
+ && !SSL_IS_TLS13(s)) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s,
PACKET_data(&currext->data),
@@ -3176,7 +3177,8 @@
s->tlsext_ticket_expected = 0;
/*
- * If tickets disabled behave as if no ticket present to permit stateful
+ * If tickets disabled or not supported by the protocol version
+ * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
* resumption.
*/
if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
