diff options
| author | Anthony Martin <ality@pbrane.org> | 2022-11-10 02:24:40 +0000 |
|---|---|---|
| committer | Ori Bernstein <ori@eigenstate.org> | 2022-11-10 02:24:40 +0000 |
| commit | bd3c854f6022c48418ecd918fe921a9140d28f30 (patch) | |
| tree | 8a1dfd6be49cb61383cdf53397c9f14aa0a82815 /sys/src/cmd/nusb/kb/kb.c | |
| parent | f9096fcdfd46f5bf566e87107675bfd439771a44 (diff) | |
libsec: add minimal support for the tls renegotiation
OpenSSL 3.0 clients refuse to connect to servers that do not
support the renegotiation extension (RFC 5746) unless the default
configuration is changed to allow it. Since we do not support
renegotiation, we only need to make minor changes to the initial
handshake to comply with the specification:
1. For tlsClient, simply add the proper SCSV to the ClientHello
cipher list (cf. RFC 5746 ยง 3.3);
2. For tlsServer, respond with an empty renegotiation extension
in the ServerHello if we received either the SCSV or an empty
renegotiation extension in the ClientHello.
Since we close the hand file and never open it after the initial
handshake, we can rely on tls(3) to send the "no renegotiation"
alerts if subsequent handshake records are received.
Diffstat (limited to 'sys/src/cmd/nusb/kb/kb.c')
0 files changed, 0 insertions, 0 deletions