From a288a20ccdf63e6567070964b9b77771898c52d6 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 3 Aug 2018 14:13:14 +0200
Subject: Ensure we are sending the right protocol version on second client hello
That is, when we respond to a Hello Retry Request as client, we put the TLS1.2 version on the second client hello to send a hello that is as close as possible to the original hello. That effectively separates the handling of TLS1.2 rehandshake and TLS1.3 hello retry request when sending a client hello.
Resolves #535
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/handshake.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'lib/handshake.c')
diff --git a/lib/handshake.c b/lib/handshake.c
index 7274bafebd..2c7524016e 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1991,12 +1991,13 @@ static int send_client_hello(gnutls_session_t session, int again)
 uint8_t session_id_len = session->internals.resumed_security_parameters.session_id_size;
- /* note that rehandshake is different than resuming
- */
- if (session->security_parameters.session_id_size)
- rehandshake = 1;
 if (again == 0) {
+ /* note that rehandshake is different than resuming
+ */
+ if (session->internals.initial_negotiation_completed)
+ rehandshake = 1;
+
 ret = _gnutls_buffer_init_handshake_mbuffer(&extdata);
 if (ret < 0)
 return gnutls_assert_val(ret);
-- 
cgit v1.2.1
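Review bot: The new predicate on the added `if (session->internals.initial_negotiation_completed)` line deserves a comment saying why it replaced the session-id test, because the old comment ("rehandshake is different than resuming") was carried over verbatim and no longer explains the choice. After a HelloRetryRequest the client presumably already holds a non-empty session id (the TLS 1.3 legacy_session_id), so the removed `session_id_size` check would have marked the retried hello as a renegotiation — which appears to be the #535 behaviour the title describes — whereas `initial_negotiation_completed` is false in that state and true only for a genuine renegotiation. I would extend the comment to `/* note that rehandshake is different than resuming, and that a hello sent in reply to a HelloRetryRequest is neither: the initial negotiation is not complete yet even though a session id may already be set */`. Note also that the assignment now runs only when `again == 0`; if `rehandshake` is read after the `if (again == 0)` block on a resend, it keeps its declaration-time value, which cannot be checked here since send_client_hello's declarations and the rest of its body lie outside the hunk.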