Support DTLS1.3 downgrade when server sends multiple handshakes in pa…

…cket If the server sends Server Hello, Server Key Exchange and Server Hello Done in a single DTLS packet, but for DTLS1.2 in response to a client DTLS1.3 request, then FIRST_REPLAY state does not occur until the server re-sends the packet. At this point wolfSSLconnect() gets used and all bursts into life. When processing handshakes in wolfSSL_connect_TLSv13() for case HELLO_AGAIN_REPLY, downgrade to using wolfSSLconnect() to continue processing the remaining handshakes in the packet. Found when using Mbed TLS for the server.
wolfSSL · Aug 6, 2024 · bcbd701 · bcbd701
1 parent 54370cc
commit bcbd701
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/tls13.c b/src/tls13.c
@@ -13086,6 +13086,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
         case HELLO_AGAIN_REPLY:
             /* Get the response/s from the server. */
             while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
+#ifdef WOLFSSL_DTLS13
+                if (!IsAtLeastTLSv1_3(ssl->version)) {
+        #ifndef WOLFSSL_NO_TLS12
+                    if (ssl->options.downgrade)
+                        return wolfSSL_connect(ssl);
+        #endif
+                }
+#endif /* WOLFSSL_DTLS13 */
                 if ((ssl->error = ProcessReply(ssl)) < 0) {
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;