mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 04:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
f7aa318552
openssl/ssl
History
David Benjamin f7aa318552 Don't send signature algorithms when client_version is below TLS 1.2. 
Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-09 17:46:23 +01:00
..
record ssl/record/rec_layer_s3.c: fix typo from previous commit. 2016-05-02 15:23:22 +02:00
statem GH356: Change assert to normal error 2016-05-05 17:27:30 -04:00
bio_ssl.c Fix BIO_CTRL_DUP for an SSL BIO 2016-04-27 09:20:11 +01:00
build.info Update build.info files for auto-init/de-init 2016-02-09 15:11:38 +00:00
d1_lib.c Improve heartbeats coding style 2016-05-05 16:30:35 +01:00
d1_msg.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
d1_srtp.c Free any existing SRTP connection profile 2016-05-09 10:25:34 +01:00
methods.c Allow different protocol version when trying to reuse a session 2016-03-27 23:58:50 +02:00
packet_locl.h Refactor ClientHello extension parsing 2016-03-03 13:53:26 +01:00
pqueue.c Remove an unused function 2016-04-11 14:31:26 +01:00
s3_cbc.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
s3_enc.c various spelling fixes 2016-04-28 14:22:26 -04:00
s3_lib.c Move 3DES from HIGH to MEDIUM 2016-05-05 17:31:53 -04:00
s3_msg.c Implement write pipeline support in libssl 2016-03-07 21:39:27 +00:00
ssl_asn1.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
ssl_cert.c various spelling fixes 2016-04-28 14:22:26 -04:00
ssl_ciph.c Fix building with -DCHARSET_EBCDIC 2016-04-29 15:04:15 +01:00
ssl_conf.c New SSL test framework 2016-04-05 13:44:46 +02:00
ssl_err.c Fix an error code spelling. 2016-04-28 14:22:26 -04:00
ssl_init.c Remove OPENSSL_NO_SHA guards 2016-04-13 21:25:24 +01:00
ssl_lib.c fix tab-space mixed indentation 2016-05-09 09:09:55 +01:00
ssl_locl.h Don't send signature algorithms when client_version is below TLS 1.2. 2016-05-09 17:46:23 +01:00
ssl_mcnf.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
ssl_rsa.c Remove confusing comment. 2016-05-02 16:55:14 -04:00
ssl_sess.c Add checks on CRYPTO_new_ex_data return value 2016-04-28 14:37:41 -04:00
ssl_stat.c Use return "" not set a var and return. 2016-03-31 16:27:52 -04:00
ssl_txt.c various spelling fixes 2016-04-28 14:22:26 -04:00
ssl_utst.c Fix build-break 2016-02-15 10:17:12 -05:00
t1_enc.c Remove #error from include files. 2016-03-20 19:48:36 -04:00
t1_ext.c Fix the no-nextprotoneg option 2016-04-11 14:22:43 +01:00
t1_lib.c Don't send signature algorithms when client_version is below TLS 1.2. 2016-05-09 17:46:23 +01:00
t1_reneg.c Remove outdated DEBUG flags. 2016-02-18 17:14:50 -05:00
t1_trce.c Fix enable-ssl-trace no-nextprotoneg. 2016-04-27 12:36:30 +01:00
tls_srp.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00