Add a TODO(TLS1.3) about renegotation

Renegotiation does not exist in TLS1.3, so we need to disable it at some point. Reviewed-by: Rich Salz <rsalz@openssl.org>
2025-05-21 13:59:40 +00:00 · 2016-11-02 11:33:20 +00:00 · 2016-11-02 11:33:20 +00:00 · d2f42576c4
commit d2f42576c4
parent 17d01b4201
1 changed files with 5 additions and 0 deletions
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -1002,6 +1002,11 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello)

    switch (server_version) {
    default:
+        /*
+         * TODO(TLS1.3): This check will fail if someone attempts to do
+         * renegotiation in TLS1.3 at the moment. We need to ensure we disable
+         * renegotiation for TLS1.3
+         */
        if (version_cmp(s, client_version, s->version) < 0)
            return SSL_R_WRONG_SSL_VERSION;
        /*