Commit
This commit solves https://bugs.chromium.org/p/boringssl/issues/detail?id=714. To summarize, there are cases where servers will advertise ECH on hostnames that may, in practice, be unable to actually negotiate e.g. TLS 1.3. To gracefully handle this case, this commit adds a new return value for the select_cert_cb that signals to the server that ECH must be disabled. To accomplish this, we slightly rewind the state machine to instead handshake with ClientHelloOuter, and clear ech_keys on the handshake state such that the server hello does not include any retry_configs in EncryptedExtensions. Clients will take this as a signal that ECH is disabled on the hostname, and that they should instead handshake without ECH.

Bug: 42290593
Change-Id: I1806ba052ffbc3e5c46161a1596d125cc5e5a8fc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69087
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
1 parent b34976c, commit d274b1b
Showing 7 changed files with 103 additions and 3 deletions.