tls 2.0.1 → 2.0.2
raw patch · 5 files changed
+23/−13 lines, 5 files
Files
- CHANGELOG.md +5/−0
- Network/TLS/Context/Internal.hs +1/−0
- Network/TLS/Handshake/Client/ClientHello.hs +9/−8
- Network/TLS/Handshake/Client/ServerHello.hs +5/−2
- tls.cabal +3/−3
CHANGELOG.md view
@@ -1,3 +1,8 @@+## Version 2.0.2++* Client checks sessionMaxEarlyDataSize to decide 0-RTT+* Client checks the resumption cipher properly.+ ## Version 2.0.1 * Fix a leak of pending data to be sent.
Network/TLS/Context/Internal.hs view
@@ -178,6 +178,7 @@ , cHash :: Hash , cZero :: ByteString }+ deriving (Show) makeCipherChoice :: Version -> Cipher -> CipherChoice makeCipherChoice ver cipher = CipherChoice ver cipher h zero
Network/TLS/Handshake/Client/ClientHello.hs view
@@ -290,11 +290,8 @@ guard tls13 (sid, sdata) <- clientWantSessionResume cparams guard (sessionVersion sdata >= TLS13)- guard (not (null ciphers))- let sCipher = head ciphers- -- A keyshare is sent only for the first cipher.- -- This can induce HRR.- guard (cipherID sCipher == sessionCipher sdata)+ let cid = sessionCipher sdata+ sCipher <- find (\c -> cipherID c == cid) ciphers return (sid, sdata, sCipher) getPskInfo =@@ -307,9 +304,13 @@ if isAgeValid age tinfo then Just- (identity, sdata, makeCipherChoice TLS13 sCipher, ageToObfuscatedAge age tinfo)+ ( identity+ , sdata+ , makeCipherChoice TLS13 sCipher+ , ageToObfuscatedAge age tinfo+ ) else Nothing - get0RTTinfo (_, _, choice, _)- | clientUseEarlyData cparams = Just choice+ get0RTTinfo (_, sdata, choice, _)+ | clientUseEarlyData cparams && sessionMaxEarlyDataSize sdata > 0 = Just choice | otherwise = Nothing
Network/TLS/Handshake/Client/ServerHello.hs view
@@ -67,9 +67,12 @@ processServerHello :: ClientParams -> Context -> Handshake -> IO () processServerHello cparams ctx (ServerHello rver serverRan serverSession cipher compression exts) = do- when (rver < TLS12) $+ -- A server which receives a legacy_version value not equal to+ -- 0x0303 MUST abort the handshake with an "illegal_parameter"+ -- alert.+ when (rver /= TLS12) $ throwCore $- Error_Protocol (show rver ++ " is not supported") ProtocolVersion+ Error_Protocol (show rver ++ " is not supported") IllegalParameter -- find the compression and cipher methods that the server want to use. clientSession <- tls13stSession <$> getTLS13State ctx sentExts <- tls13stSentExtensions <$> getTLS13State ctx
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.0.1+version: 2.0.2 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>@@ -116,7 +116,7 @@ asn1-types >= 0.3 && < 0.4, async >= 2.2 && < 2.3, base16-bytestring,- bytestring >= 0.10 && < 0.12,+ bytestring >= 0.10 && < 0.13, cereal >= 0.5.3 && < 0.6, crypton >= 0.34 && < 0.35, crypton-x509 >= 1.7 && < 1.8,@@ -125,7 +125,7 @@ data-default-class >= 0.1 && < 0.2, memory >= 0.18 && < 0.19, mtl >= 2.2 && < 2.4,- network >= 3.1 && < 3.2,+ network >= 3.1, serialise >= 0.2 && < 0.3, transformers >= 0.5 && < 0.7, unix-time >= 0.4.11 && < 0.5