Update contrib/restricted/aws/s2n to 1.3.19

author: robot-contrib <robot-contrib@yandex-team.com> 2022-08-10 11:44:54 +0300
committer: robot-contrib <robot-contrib@yandex-team.com> 2022-08-10 11:44:54 +0300
commit: 80e5365ef2b1dd1a7c608103d8c13c0515aa8e95 (patch)
tree: 4db54a4f3052afd1456be6c038bf3e9a39c51c71 /contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
parent: b1e3c856d108130762d6ca0db45802eb791e7c59 (diff)
download: ydb-80e5365ef2b1dd1a7c608103d8c13c0515aa8e95.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
index 36ec3d339f..0fd8d83c5d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
@@ -52,6 +52,16 @@ static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *
     return S2N_SUCCESS;
 }
 
+/**
+ *= https://www.rfc-editor.org/rfc/rfc7627#section-5.3
+ *= type=exception
+ *# When offering an abbreviated handshake, the client MUST send the
+ *# "extended_master_secret" extension in its ClientHello.
+ *
+ *  We added an exception here in order to prevent a drop in 
+ *  session resumption rates during deployment. Eventually clients
+ *  will be forced to do a full handshake as sessions expire and pick up EMS at that point.
+ **/
 static bool s2n_client_ems_should_send(struct s2n_connection *conn)
 {
     /* Don't send this extension if the previous session did not negotiate EMS */
author	robot-contrib <robot-contrib@yandex-team.com>	2022-08-10 11:44:54 +0300
committer	robot-contrib <robot-contrib@yandex-team.com>	2022-08-10 11:44:54 +0300
commit	80e5365ef2b1dd1a7c608103d8c13c0515aa8e95 (patch)
tree	4db54a4f3052afd1456be6c038bf3e9a39c51c71 /contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
parent	b1e3c856d108130762d6ca0db45802eb791e7c59 (diff)
download	ydb-80e5365ef2b1dd1a7c608103d8c13c0515aa8e95.tar.gz