Trim a few extensions when min_version is TLS 1.3.

None of these extensions may be negotiated in TLS 1.3, but all of them are
otherwise on by default. Make the future QUIC/TLS1.3 ClientHello a hair smaller.

Change-Id: I613c339d95470676c78f21fd29e888b7701692c6
Reviewed-on: https://boringssl-review.googlesource.com/10504
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b3c94d2..dbf4313 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -807,6 +807,16 @@
  * https://tools.ietf.org/html/rfc5746 */
 
 static int ext_ri_add_clienthello(SSL *ssl, CBB *out) {
+  uint16_t min_version, max_version;
+  if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
+    return 0;
+  }
+
+  /* Renegotiation indication is not necessary in TLS 1.3. */
+  if (min_version >= TLS1_3_VERSION) {
+    return 1;
+  }
+
   CBB contents, prev_finished;
   if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
       !CBB_add_u16_length_prefixed(out, &contents) ||
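Review bot: The comment above the `min_version >= TLS1_3_VERSION` guard in ext_ri_add_clienthello does not say why the test is on min_version, which is the security-relevant part: renegotiation_info has to stay in the ClientHello whenever a pre-1.3 version can still be negotiated. I would extend it to `/* Renegotiation indication is not necessary in TLS 1.3. Test min_version, not max_version: the extension must still be offered if an earlier version may be negotiated. */`. `max_version` is fetched but not used in the visible lines here or in ext_ticket_add_clienthello, and the same ssl_get_version_range prologue is repeated in all three hunks, so a small static helper would remove the duplication. A test that the extension is still emitted when min_version is below TLS 1.3 and max_version is TLS 1.3 would pin the invariant. The function body continues past the end of the hunk.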
@@ -954,7 +964,13 @@
 }
 
 static int ext_ems_add_clienthello(SSL *ssl, CBB *out) {
-  if (ssl->version == SSL3_VERSION) {
+  uint16_t min_version, max_version;
+  if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
+    return 0;
+  }
+
+  /* Extended master secret is not necessary in TLS 1.3. */
+  if (min_version >= TLS1_3_VERSION || max_version <= SSL3_VERSION) {
     return 1;
   }
 
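Review bot: The SSL 3.0 half of the new condition in ext_ems_add_clienthello changes from `ssl->version == SSL3_VERSION` to `max_version <= SSL3_VERSION`, which neither the commit message nor the added comment mentions. If `ssl->version` can differ from the configured maximum at this point (for example on a later handshake of an established connection; not visible in this hunk), the set of handshakes that offer extended master secret changes, and that is worth confirming because the extension is what binds the master secret to the handshake transcript. I would at least have the comment cover both halves: `/* Extended master secret is not necessary in TLS 1.3 and is not offered when SSL 3.0 is the highest enabled version. */`. The function body continues past the end of the hunk.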
@@ -1023,7 +1039,14 @@
  * https://tools.ietf.org/html/rfc5077 */
 
 static int ext_ticket_add_clienthello(SSL *ssl, CBB *out) {
-  if (SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
+  uint16_t min_version, max_version;
+  if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
+    return 0;
+  }
+
+  /* TLS 1.3 uses a different ticket extension. */
+  if (min_version >= TLS1_3_VERSION ||
+      SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
     return 1;
   }