author | robot-contrib <robot-contrib@yandex-team.com> | 2022-08-10 11:44:54 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-08-10 11:44:54 +0300 |
commit | 80e5365ef2b1dd1a7c608103d8c13c0515aa8e95 (patch) | |
tree | 4db54a4f3052afd1456be6c038bf3e9a39c51c71 /contrib/restricted/aws/s2n/tls | |
parent | b1e3c856d108130762d6ca0db45802eb791e7c59 (diff) | |
download | ydb-80e5365ef2b1dd1a7c608103d8c13c0515aa8e95.tar.gz |
Update contrib/restricted/aws/s2n to 1.3.19
Diffstat (limited to 'contrib/restricted/aws/s2n/tls')
-rw-r--r-- | contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c | 10 | ||||
-rw-r--r-- | contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
index 36ec3d339f..0fd8d83c5d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
@@ -52,6 +52,16 @@ static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *
 return S2N_SUCCESS;
 }
+/**
+ *= https://www.rfc-editor.org/rfc/rfc7627#section-5.3
+ *= type=exception
+ *# When offering an abbreviated handshake, the client MUST send the
+ *# "extended_master_secret" extension in its ClientHello.
+ *
+ * We added an exception here in order to prevent a drop in
+ * session resumption rates during deployment. Eventually clients
+ * will be forced to do a full handshake as sessions expire and pick up EMS at that point.
+ **/
 static bool s2n_client_ems_should_send(struct s2n_connection *conn)
 {
 /* Don't send this extension if the previous session did not negotiate EMS */
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
index fc60767bb6..0d3f05b2c9 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
@@ -100,7 +100,7 @@ int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_
 int s2n_ecdhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data)
 {
- POSIX_GUARD(s2n_ecc_evp_parse_params(&raw_server_data->ecdhe_data, &conn->kex_params.server_ecc_evp_params));
+ POSIX_GUARD(s2n_ecc_evp_parse_params(conn, &raw_server_data->ecdhe_data, &conn->kex_params.server_ecc_evp_params));
 return 0;
 } |
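Review bot: The exception comment added above `s2n_client_ems_should_send` in s2n_client_ems.c explains why RFC 7627 section 5.3 is not followed, but not what is given up while the exception applies. A session resumed without the extension keeps a master secret that was never bound to the handshake transcript, which is the property EMS exists to provide. I would add a line such as ` * Until such a session expires, its resumptions keep the non-EMS master secret.` and state that the exposure window is bounded only by session or ticket lifetime. The function body continues outside the hunk, so the exact skip condition is visible only through the "previous session did not negotiate EMS" comment.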