Forbid renegotiation in TLS 1.3. Change-Id: I1b34acbbb5528e7e31595ee0cbce7618890f3955 Reviewed-on: https://boringssl-review.googlesource.com/8669 Reviewed-by: David Benjamin <davidben@google.com>

commit: 397c8e6fb6b493fae96328a41b1b94c6dd6f85d3 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Jul 08 14:14:36 2016 -0700
committer: David Benjamin <davidben@google.com> Mon Jul 11 18:26:27 2016 +0000
tree: 259ead65582ab188c3760175370d823e042a8dfa
parent: 71dd6660e849e8f98129c997e2f52ae8991ec3d3 [diff] [blame]
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 1bbed59..dec8288 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -353,6 +353,10 @@
 }
 
 static int ssl3_can_renegotiate(SSL *ssl) {
+  if (ssl->server || ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+    return 0;
+  }
+
   switch (ssl->renegotiate_mode) {
     case ssl_renegotiate_never:
       return 0;
commit	397c8e6fb6b493fae96328a41b1b94c6dd6f85d3	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Jul 08 14:14:36 2016 -0700
committer	David Benjamin <davidben@google.com>	Mon Jul 11 18:26:27 2016 +0000
tree	259ead65582ab188c3760175370d823e042a8dfa
parent	71dd6660e849e8f98129c997e2f52ae8991ec3d3 [diff] [blame]