Skip to content

Commit

Permalink
Disable middlebox combat for dtls1.3
Browse files Browse the repository at this point in the history
  • Loading branch information
fwh-dc committed Oct 13, 2023
1 parent eaee176 commit 3ccf99b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions ssl/statem/statem_clnt.c
Original file line number Diff line number Diff line change
Expand Up @@ -1543,6 +1543,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt)
/* SSLfatal() already called */
goto err;
}

if (SSL_CONNECTION_IS_DTLS13(s)) {
SSL_clear_options(ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
}
}

if (SSL_CONNECTION_IS_TLS13(s) || hrr) {
Expand Down
3 changes: 3 additions & 0 deletions ssl/statem/statem_srvr.c
Original file line number Diff line number Diff line change
Expand Up @@ -1791,6 +1791,9 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
goto err;
}
}
if (SSL_CONNECTION_IS_DTLS13(s)) {
SSL_clear_options(ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
}
}

s->hit = 0;
Expand Down

0 comments on commit 3ccf99b

Please sign in to comment.