Update crypto negotation to draft 15.
BUG=77
Change-Id: If568412655aae240b072c29d763a5b17bb5ca3f7
Reviewed-on: https://boringssl-review.googlesource.com/10840
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index c5b3b1f..31394c0 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -626,18 +626,6 @@
if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
return 0;
}
- /* Add PSK ciphers for TLS 1.3 resumption. */
- uint16_t session_version;
- if (ssl->session != NULL &&
- ssl->method->version_from_wire(&session_version,
- ssl->session->ssl_version) &&
- session_version >= TLS1_3_VERSION) {
- uint16_t resumption_cipher;
- if (ssl_cipher_get_ecdhe_psk_cipher(cipher, &resumption_cipher) &&
- !CBB_add_u16(&child, resumption_cipher)) {
- return 0;
- }
- }
}
/* If all ciphers were disabled, return the error to the caller. */
@@ -952,16 +940,16 @@
}
if (ssl->session != NULL) {
- if (ssl->session->cipher != c) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
- }
if (ssl->session->ssl_version != ssl->version) {
al = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
goto f_err;
}
+ if (ssl->session->cipher != c) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+ goto f_err;
+ }
if (!ssl_session_is_context_valid(ssl, ssl->session)) {
/* This is actually a client application bug. */
al = SSL_AD_ILLEGAL_PARAMETER;
