summaryrefslogtreecommitdiffstats
path: root/test/recipes/70-test_sslsessiontick.t
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2016-11-02 16:03:56 +0100
committerMatt Caswell <matt@openssl.org>2016-11-16 11:09:46 +0100
commit0f1e51ea115beef8a5fdd80d5a6c13ee289f980a (patch)
tree65060f458f52188507f0a9748ea8004bf5e50763 /test/recipes/70-test_sslsessiontick.t
parentAdd a TLS version consistency check during session resumption (diff)
downloadopenssl-0f1e51ea115beef8a5fdd80d5a6c13ee289f980a.tar.xz
openssl-0f1e51ea115beef8a5fdd80d5a6c13ee289f980a.zip
Start using the key_share data to derive the PMS
The previous commits put in place the logic to exchange key_share data. We now need to do something with that information. In <= TLSv1.2 the equivalent of the key_share extension is the ServerKeyExchange and ClientKeyExchange messages. With key_share those two messages are no longer necessary. The commit removes the SKE and CKE messages from the TLSv1.3 state machine. TLSv1.3 is completely different to TLSv1.2 in the messages that it sends and the transitions that are allowed. Therefore, rather than extend the existing <=TLS1.2 state transition functions, we create a whole new set for TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time they will be amended. The new TLSv1.3 transitions remove SKE and CKE completely. There's also some cleanup for some stuff which is not relevant to TLSv1.3 and is easy to remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN. I also disable EXTMS for TLSv1.3. Using it was causing some added complexity, so rather than fix it I removed it, since eventually it will not be needed anyway. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/recipes/70-test_sslsessiontick.t')
-rwxr-xr-xtest/recipes/70-test_sslsessiontick.t2
1 files changed, 1 insertions, 1 deletions
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index 89ef12f75b..0c29ec7ce0 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -229,7 +229,7 @@ sub checkmessages($$$$$$)
$shellotickext = 1;
}
}
- } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
+ } elsif ($message->mt == TLSProxy::Message::MT_CERTIFICATE) {
#Must be doing a full handshake
$fullhand = 1;
} elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {