Don't allow renegotiation for DTLS 1.3

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Thu, 12 Oct 2023 11:55:32 +0000 (13:55 +0200)

committer Tomas Mraz <tomas@openssl.org>

Thu, 9 Jan 2025 16:02:19 +0000 (17:02 +0100)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Thu, 12 Oct 2023 11:55:32 +0000 (13:55 +0200)
committer Tomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 16:02:19 +0000 (17:02 +0100)
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h

index 33c3b6278c823faf93dcff3487092358bed5b4c7..85eb6dcf364aa95ce7af3f3346c17148bad15ac3 100644 (file)
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -16,7 +16,9 @@
  #define PROTOCOL        "tcp"
  
  #define SSL_VERSION_ALLOWS_RENEGOTIATION(s) \
-    (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION))
+    ((SSL_is_dtls(s) && (SSL_version(s) > DTLS1_3_VERSION \
+                         || SSL_version(s) == DTLS1_BAD_VER)) \
+     || (!SSL_is_dtls(s) && SSL_version(s) < TLS1_3_VERSION))
  
  typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
  void get_sock_info_address(int asock, char **hostname, char **service);
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Thu, 12 Oct 2023 11:55:32 +0000 (13:55 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 9 Jan 2025 16:02:19 +0000 (17:02 +0100)