git.ipfire.org Git - thirdparty/openssl.git/commit
TLS KeyUpdate messages are not allowed in QUIC
author Matt Caswell <matt@openssl.org>
Mon, 7 Aug 2023 13:45:55 +0000 (14:45 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 15 Aug 2023 13:41:31 +0000 (14:41 +0100)
commit 50a0af2e41ea61a79c19c17f9e87541e283ba8bf
tree 4ccb9c755391833507aad0c1781194ec8f4bf0da
parent 04c7fb53e0437f83e2476e5d55a1af61959fadf5
TLS KeyUpdate messages are not allowed in QUIC

We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.

RFC 9001 section 6:
Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection
error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message;
see Section 4.8.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
ssl/statem/statem_clnt.c
ssl/statem/statem_srvr.c
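
The receive-side rule quoted from RFC 9001, as an added example that is not OpenSSL's code and not part of this commit. The function names and the sample bytes are hypothetical and constructed for illustration; handshake type 24 and alert value 10 are the RFC 8446 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HS_KEY_UPDATE            24 /* RFC 8446 HandshakeType key_update */
#define TLS_ALERT_UNEXPECTED_MESSAGE 10 /* RFC 8446 AlertDescription */

/* RFC 9001 section 4.8: QUIC CRYPTO_ERROR code = 0x0100 + TLS alert value. */
static uint64_t quic_crypto_error(uint8_t alert)
{
    return 0x0100u + alert;
}

/* Constructed sample: a type-4 (NewSessionTicket) header with a dummy
 * 2-byte body, followed by a KeyUpdate message. Only the framing matters. */
static const uint8_t sample_with_key_update[] = {
    0x04, 0x00, 0x00, 0x02, 0xaa, 0xbb,
    0x18, 0x00, 0x00, 0x01, 0x00
};

/*
 * Hypothetical helper: walk TLS handshake messages reassembled from QUIC
 * CRYPTO frames (1-byte type, 3-byte big-endian length, body).
 * Returns the QUIC error code if a KeyUpdate is found, 0 otherwise.
 * *consumed is the number of bytes in complete messages before stopping.
 */
static uint64_t quic_scan_post_handshake(const uint8_t *buf, size_t len,
                                         size_t *consumed)
{
    size_t off = 0;

    while (len - off >= 4) {
        size_t body = ((size_t)buf[off + 1] << 16)
                    | ((size_t)buf[off + 2] << 8) | buf[off + 3];

        if (buf[off] == TLS_HS_KEY_UPDATE) {
            *consumed = off;
            return quic_crypto_error(TLS_ALERT_UNEXPECTED_MESSAGE);
        }
        if (body > len - off - 4)
            break;              /* truncated: wait for more CRYPTO data */
        off += 4 + body;
    }
    *consumed = off;
    return 0;
}

int main(void)
{
    size_t used;
    uint64_t err = quic_scan_post_handshake(sample_with_key_update,
                                            sizeof(sample_with_key_update), &used);
    printf("error 0x%04llx after %zu bytes\n", (unsigned long long)err, used);
    return 0;
}
```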