openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Adds dtls 1.3 support in TLS::Proxy 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375)
This commit is contained in:
Frederik Wedel-Heinen 2024-01-23 15:11:03 +01:00 committed by Tomas Mraz
parent 5dfc0e307b
commit cb57dc4632
2 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
util/perl/TLSProxy/Record.pm
View File

@ -36,6 +36,7 @@ my %record_type = (
);
use constant {
VERS_DTLS_1_3 => 0xfefc,
VERS_DTLS_1_2 => 0xfefd,
VERS_DTLS_1 => 0xfeff,
VERS_TLS_1_4 => 0x0305,
@ -48,6 +49,7 @@ use constant {
};
our %tls_version = (
VERS_DTLS_1_3, "DTLS1.3",
VERS_DTLS_1_2, "DTLS1.2",
VERS_DTLS_1, "DTLS1",
VERS_TLS_1_3, "TLS1.3",
@ -391,21 +393,17 @@ sub reconstruct_record
if ($self->sslv2) {
$data = pack('n', $self->len | 0x8000);
} else {
my $content_type = (TLSProxy::Proxy->is_tls13() && $self->encrypted)
? $self->outer_content_type : $self->content_type;
if($self->{isdtls}) {
my $seqhi = ($self->seq >> 32) & 0xffff;
my $seqmi = ($self->seq >> 16) & 0xffff;
my $seqlo = ($self->seq >> 0) & 0xffff;
$data = pack('Cnnnnnn', $self->content_type, $self->version,
$data = pack('Cnnnnnn', $content_type, $self->version,
$self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
} else {
if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
$data = pack('Cnn', $self->outer_content_type, $self->version,
$self->len);
}
else {
$data = pack('Cnn', $self->content_type, $self->version,
$self->len);
}
$data = pack('Cnn', $content_type, $self->version,
$self->len);
}
}

3
util/perl/TLSProxy/ServerHello.pm
View File

@ -111,7 +111,8 @@ sub parse
if ($random eq $hrrrandom) {
TLSProxy::Proxy->is_tls13(1);
} elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
} elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3
|| $neg_version == TLSProxy::Record::VERS_DTLS_1_3) {
TLSProxy::Proxy->is_tls13(1);
TLSProxy::Record->server_encrypting(1);