commit | d663df2399d1d9d6015bcfd2ec87b925ea3558a2 | [log] [tgz] |
---|---|---|
author | Emilia Kasper <emilia@openssl.org> | Tue Oct 28 17:35:59 2014 +0100 |
committer | Emilia Kasper <emilia@openssl.org> | Tue Oct 28 17:35:59 2014 +0100 |
tree | 088b028800ef69149db550d83e26180df5548168 | |
parent | 49b0dfc5026338f1227fdb0f9b3c18485dc459e9 [diff] |
Tighten session ticket handling Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>