[openssl/openssl] eaee1d: Adds initial dtls 1.3 structs and definitions
0 views
Skip to first unread message
Ryan Hooper
Dec 18, 2025, 10:35:38 AM (21 hours ago) Dec 18
to openssl...@openssl.org
Branch: refs/heads/feature/dtls-1.3
Home: https://github.com/openssl/openssl
Commit: eaee1ddc013c7296f0fc79394ffa02b915004c6d
https://github.com/openssl/openssl/commit/eaee1ddc013c7296f0fc79394ffa02b915004c6d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/prov_ssl.h
M include/openssl/ssl.h.in
M ssl/d1_lib.c
M ssl/methods.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/ssl_local.h
Log Message:
-----------
Adds initial dtls 1.3 structs and definitions
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
Commit: 007ad67ef7280055900a24f3d52fa896203a41bc
https://github.com/openssl/openssl/commit/007ad67ef7280055900a24f3d52fa896203a41bc
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/methods.c
Log Message:
-----------
Remove compile guards for dtls1.3 method implementations
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
Commit: ab70404258bba0d838eabd224576a0f65296167e
https://github.com/openssl/openssl/commit/ab70404258bba0d838eabd224576a0f65296167e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/include/opt.h
M apps/lib/s_cb.c
M apps/s_client.c
M apps/s_server.c
Log Message:
-----------
Integrate dtls1.3 in s_client and s_server
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: 1c11c2898143f40f18b0bb84291b6e124e3d937d
https://github.com/openssl/openssl/commit/1c11c2898143f40f18b0bb84291b6e124e3d937d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-s_server.pod.in
M doc/man1/openssl.pod
M doc/perlvars.pm
Log Message:
-----------
Adds DTLS 1.3 functionality to s_client and s_server documentation.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: dcafb538861b221cfae4f10b10b66f785762dafe
https://github.com/openssl/openssl/commit/dcafb538861b221cfae4f10b10b66f785762dafe
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
Log Message:
-----------
Print session ticket for dtls 1.3 as well.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: c504cdb65f2eaae50c802d5d42d2be093b0c9ef4
https://github.com/openssl/openssl/commit/c504cdb65f2eaae50c802d5d42d2be093b0c9ef4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
Log Message:
-----------
Support TLS1.3 extensions with DTLS1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22261)
Commit: b6169af8eed2207cc129244b982bf9efc1d47371
https://github.com/openssl/openssl/commit/b6169af8eed2207cc129244b982bf9efc1d47371
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Use dtls1.3 cryptographic label prefix as dictated by RFC 9147 section 5.9
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
Commit: d73909854da2562575cfd0505b853e0e24e4cdc4
https://github.com/openssl/openssl/commit/d73909854da2562575cfd0505b853e0e24e4cdc4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Determine which label prefix to use based on if the connection is dtls
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
Commit: ee2e76b68e7c53b68140e5d03235a5d2964f5a53
https://github.com/openssl/openssl/commit/ee2e76b68e7c53b68140e5d03235a5d2964f5a53
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_conf.c
M ssl/t1_trce.c
M test/helpers/ssl_test_ctx.c
M test/ssl_old_test.c
Log Message:
-----------
Adds DTLS1.3 to ssl protocol to text structs
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: 6081fabcb2ab32ce07992568b0606fa473d59a8d
https://github.com/openssl/openssl/commit/6081fabcb2ab32ce07992568b0606fa473d59a8d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
Log Message:
-----------
Add dtls1.3 to ssl_protocol_to_string()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: b8063ec5c4f8810e90d8dc8762165ce579f8e3a0
https://github.com/openssl/openssl/commit/b8063ec5c4f8810e90d8dc8762165ce579f8e3a0
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_conf.c
Log Message:
-----------
Fix protocol list for cmd_Protocol()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: 158f34385c1590f4daa69aa211560f7861c79dfb
https://github.com/openssl/openssl/commit/158f34385c1590f4daa69aa211560f7861c79dfb
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Update tls state machine logic to support dtls1.3 alongside tls1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Updated the logic in ssl_cipher_list_to_bytes to take account of the changes
from PR#24161
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24226)
Commit: 260d5cac01deb358299960941f9d5b5d06ee4fdf
https://github.com/openssl/openssl/commit/260d5cac01deb358299960941f9d5b5d06ee4fdf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: 6fcc5b3fd19b49702c641fbb675773bf4b90f187
https://github.com/openssl/openssl/commit/6fcc5b3fd19b49702c641fbb675773bf4b90f187
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
M ssl/statem/extensions_srvr.c
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Do DTLS13 and TLS13 connection version check in one macro
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: e19c96886c3b8270fb82ba6fbb1f20c097c0eac4
https://github.com/openssl/openssl/commit/e19c96886c3b8270fb82ba6fbb1f20c097c0eac4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_srvr.c
Log Message:
-----------
Fix wrong dtls 1 and 1.2 version check
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: 6a7a3de2bd8584b4da235f4975ce449c90eb35b2
https://github.com/openssl/openssl/commit/6a7a3de2bd8584b4da235f4975ce449c90eb35b2
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M providers/common/capabilities.c
M ssl/s3_lib.c
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/t1_lib.c
Log Message:
-----------
Support TLS 1.3 kexs and groups with DTLS 1.3
SSL_CONNECTION_IS_VERSION13 macro is used where appropriate.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22364)
Commit: ad2147fa6c24ff7612633868ea10f088a534de2e
https://github.com/openssl/openssl/commit/ad2147fa6c24ff7612633868ea10f088a534de2e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M util/perl/TLSProxy/Record.pm
M util/perl/TLSProxy/ServerHello.pm
Log Message:
-----------
Adds dtls 1.3 support in TLS::Proxy
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375)
Commit: b1a2053a61abc9d79688555202bba830e90e6b75
https://github.com/openssl/openssl/commit/b1a2053a61abc9d79688555202bba830e90e6b75
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/include/s_apps.h
Log Message:
-----------
Don't allow renegotiation for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362)
Commit: 9076747c079790e8725f93032837a09d0e88d0cf
https://github.com/openssl/openssl/commit/9076747c079790e8725f93032837a09d0e88d0cf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Make dtls1.3 changes to dtls1_read_bytes and do_dtls1_write which matches ssl3_read_bytes and ssl3_write_bytes
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: 74d5b02c7032fb2a1e826451480fa051bdf33dfa
https://github.com/openssl/openssl/commit/74d5b02c7032fb2a1e826451480fa051bdf33dfa
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/dtls_meth.c
Log Message:
-----------
Adds some more changes dtls specific functions to make them more in sync with their tls counterparts.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: 3374c832196151aa05ac8a7d52cb842fb9c46261
https://github.com/openssl/openssl/commit/3374c832196151aa05ac8a7d52cb842fb9c46261
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: ecd72174b69355abb3ab189fea793df37fde2fd5
https://github.com/openssl/openssl/commit/ecd72174b69355abb3ab189fea793df37fde2fd5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: a9dfb815fdd218ff82d7826a3894aa5c5e7b9f78
https://github.com/openssl/openssl/commit/a9dfb815fdd218ff82d7826a3894aa5c5e7b9f78
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/t1_lib.c
Log Message:
-----------
Support TLS1.3 sigalg logic in DTLS1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22380)
Commit: 4b2c40d71d6cc0883cfa8fd52f9518b313f7a454
https://github.com/openssl/openssl/commit/4b2c40d71d6cc0883cfa8fd52f9518b313f7a454
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Removes an mtu assertion that fails
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22401)
Commit: 9401a204868d961c8c08263d1d7ee37fb55f235e
https://github.com/openssl/openssl/commit/9401a204868d961c8c08263d1d7ee37fb55f235e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_sess.c
M ssl/t1_lib.c
M ssl/t1_trce.c
Log Message:
-----------
Update session id and ticket logic for dtls13
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
Commit: a30d7e5eefa72dbb24526f0056447a48ea2c4096
https://github.com/openssl/openssl/commit/a30d7e5eefa72dbb24526f0056447a48ea2c4096
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_txt.c
Log Message:
-----------
Fix session print for dtls1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
Commit: d9a6799ac19cbade6aa4a1159389a397e72f6c00
https://github.com/openssl/openssl/commit/d9a6799ac19cbade6aa4a1159389a397e72f6c00
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/tls_common.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
tls_post_encryption_processing_default() and tls_validate_record_header()
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22376)
Commit: d70ddf279a2eeffafc269acf8f39a840d7d0827f
https://github.com/openssl/openssl/commit/d70ddf279a2eeffafc269acf8f39a840d7d0827f
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
Log Message:
-----------
Fix ssl_lib functions for dtls 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22378)
Commit: 19dd6d92f41d303babd4ea847020f5c73e5c6d04
https://github.com/openssl/openssl/commit/19dd6d92f41d303babd4ea847020f5c73e5c6d04
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/s3_lib.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
Log Message:
-----------
Sanity tests of inputs to ssl_version_cmp
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
Commit: f31afa4966fd2847862653ca47ccc9ff6c7f38ad
https://github.com/openssl/openssl/commit/f31afa4966fd2847862653ca47ccc9ff6c7f38ad
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
Log Message:
-----------
Fix sanity tests for ssl_version_cmp for dtls 1.3 branch
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
Commit: adf71b56f056044d2e7ebea473fc0c34c87e0003
https://github.com/openssl/openssl/commit/adf71b56f056044d2e7ebea473fc0c34c87e0003
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/dtls1.h
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
Log Message:
-----------
Update dtls max version
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 8a1925c1d80e500bc2cbfa817c11cb70cf8c4fe7
https://github.com/openssl/openssl/commit/8a1925c1d80e500bc2cbfa817c11cb70cf8c4fe7
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
Log Message:
-----------
Remove obsolete TODO and guards for post handshake authentication in DTLS 1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 9bccf188a9c6d500ae56424ef78de125f5af4a57
https://github.com/openssl/openssl/commit/9bccf188a9c6d500ae56424ef78de125f5af4a57
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
M test/ssl_ctx_test.c
Log Message:
-----------
Update DTLS version tests
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: afd67f23b2c1b0c433e91425e5f9405386ac991b
https://github.com/openssl/openssl/commit/afd67f23b2c1b0c433e91425e5f9405386ac991b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
Log Message:
-----------
Fix version check to avoid unsupported protocol error in ssl_choose_server_version()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 88ebd68d047275d8e260fd1ec09d540882e843d5
https://github.com/openssl/openssl/commit/88ebd68d047275d8e260fd1ec09d540882e843d5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions_clnt.c
Log Message:
-----------
Fix renegotiation check that was added in https://github.com/openssl/openssl/pull/24161
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 5ad8d7f4b8cf4fbd5b02b7ebd5679fdab3083343
https://github.com/openssl/openssl/commit/5ad8d7f4b8cf4fbd5b02b7ebd5679fdab3083343
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M fuzz/dtlsclient.c
M test/dtls_mtu_test.c
M test/dtlstest.c
M test/ssl-tests/29-dtls-sctp-label-bug.cnf
M test/ssl-tests/29-dtls-sctp-label-bug.cnf.in
Log Message:
-----------
Run some failing tests with DTLS1.2
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: f87fc041c001740646704150569d33b0e158fe1b
https://github.com/openssl/openssl/commit/f87fc041c001740646704150569d33b0e158fe1b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/ssl-tests/07-dtls-protocol-version.cnf
M test/ssl-tests/11-dtls_resumption.cnf
M test/ssl-tests/protocol_version.pm
Log Message:
-----------
Fix test_ssl_new tests
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 37514f98901efd83c4dfc2a1af6e25d32b795bc4
https://github.com/openssl/openssl/commit/37514f98901efd83c4dfc2a1af6e25d32b795bc4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
Log Message:
-----------
Check that both tls1.3 and dtls1.3 is disabled before removing code from compilation path.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: aa34197e515210cf44e3101082e9cb8410f4bbaf
https://github.com/openssl/openssl/commit/aa34197e515210cf44e3101082e9cb8410f4bbaf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Disable middlebox for dtls
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: af1addb4284b6e48052f705643524ff114038efc
https://github.com/openssl/openssl/commit/af1addb4284b6e48052f705643524ff114038efc
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
M test/tls13secretstest.c
Log Message:
-----------
Clear old messages from queues in order to avoid leaks of record layer objects.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: bbdfa7436c314401cb4c5fc5cd504023027e85c3
https://github.com/openssl/openssl/commit/bbdfa7436c314401cb4c5fc5cd504023027e85c3
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/t1_trce.c
Log Message:
-----------
Correct traces for certificates in dtls13
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22935)
Commit: 8ca9a37706883e7073ea8f6dd327734c513a412e
https://github.com/openssl/openssl/commit/8ca9a37706883e7073ea8f6dd327734c513a412e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man1/openssl-s_client.pod.in
M doc/man3/SSL_CIPHER_get_name.pod
M doc/man3/SSL_CONF_cmd.pod
M doc/man3/SSL_CTX_set0_CA_list.pod
M doc/man3/SSL_CTX_set1_sigalgs.pod
M doc/man3/SSL_CTX_set_min_proto_version.pod
M doc/man3/SSL_CTX_set_num_tickets.pod
M doc/man3/SSL_CTX_set_options.pod
M doc/man3/SSL_check_chain.pod
M doc/man3/SSL_export_keying_material.pod
M doc/man3/SSL_get_shared_sigalgs.pod
M doc/man3/SSL_get_version.pod
Log Message:
-----------
Update documentation for DTLS1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
Commit: 6ee5c4a45cd475c7f49ff8b0f613e2ce453e8601
https://github.com/openssl/openssl/commit/6ee5c4a45cd475c7f49ff8b0f613e2ce453e8601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man3/SSL_CONF_cmd.pod
Log Message:
-----------
Updates SSL_CONF_cmd.pod to be explicit when features are for both TLS and DTLS
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
Commit: c8d4f8fca5182f02bc28c0b05461051f2365a18c
https://github.com/openssl/openssl/commit/c8d4f8fca5182f02bc28c0b05461051f2365a18c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
Log Message:
-----------
Fix description of version field of ssl connection struct
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22937)
Commit: 54aec63b9f26b6f55137da08387dfd1cda1dcec9
https://github.com/openssl/openssl/commit/54aec63b9f26b6f55137da08387dfd1cda1dcec9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_srvr.c
Log Message:
-----------
Continue processing cookieless client hellos for dtls1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22400)
Commit: 0529b0046b2ddfd2b13f6fc34b441cd94cc1a257
https://github.com/openssl/openssl/commit/0529b0046b2ddfd2b13f6fc34b441cd94cc1a257
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/ssl-tests/02-protocol-version.cnf
M test/ssl-tests/07-dtls-protocol-version.cnf
M test/ssl-tests/10-resumption.cnf
M test/ssl-tests/protocol_version.pm
Log Message:
-----------
Adds DTLSv1.3 to protocol_version.pm for additional protocol version tests.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23242)
Commit: 1275fd9ff57da43868e6916ee716b7d7d793c090
https://github.com/openssl/openssl/commit/1275fd9ff57da43868e6916ee716b7d7d793c090
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtlstest.c
M test/sslapitest.c
Log Message:
-----------
Run test_cookie() test with DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24425)
Commit: e6f126bd28cb174ac2913001ab0d149c93f0337a
https://github.com/openssl/openssl/commit/e6f126bd28cb174ac2913001ab0d149c93f0337a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
A doc/designs/dtlsv1_3/dtlsv1_3-main.md
Log Message:
-----------
Add design document for DTLS 1.3 implementation
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23041)
Commit: 7f9d73e1b414dab0e4fe0ce93a1e0302e219986a
https://github.com/openssl/openssl/commit/7f9d73e1b414dab0e4fe0ce93a1e0302e219986a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
M apps/s_server.c
M ssl/record/methods/tls_common.c
M ssl/ssl_cert.c
M ssl/ssl_ciph.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
M test/sslapitest.c
Log Message:
-----------
Refactor code and fix a couple of missing DTLSv1.3 checks.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24345)
Commit: 089b3ef7638e281fcf6b5e77261f37a82beec180
https://github.com/openssl/openssl/commit/089b3ef7638e281fcf6b5e77261f37a82beec180
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/statem/statem_dtls.c
Log Message:
-----------
Re-enable mtu assertion which previously failed for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24524)
Commit: e4771cce5faed8cad990eeb24fc77a25b64606aa
https://github.com/openssl/openssl/commit/e4771cce5faed8cad990eeb24fc77a25b64606aa
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M crypto/packet.c
M include/internal/common.h
M include/internal/packet.h
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
M test/dtls_mtu_test.c
M test/ssl-tests/29-dtls-sctp-label-bug.cnf.in
Log Message:
-----------
Place start of ClientHello correctly when calculating binder for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
Commit: b10580efb6e64eeddfb0ed02a183d48933a6e30c
https://github.com/openssl/openssl/commit/b10580efb6e64eeddfb0ed02a183d48933a6e30c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Use WPACKET in dtls1_do_write()
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
Commit: db560ade8c74cadccab1e1e4178db8cc4d2988b8
https://github.com/openssl/openssl/commit/db560ade8c74cadccab1e1e4178db8cc4d2988b8
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M fuzz/dtlsclient.c
M ssl/d1_lib.c
M ssl/ssl_local.h
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M test/dtlstest.c
Log Message:
-----------
Fix an assertion failure which happens when a DTLS 1.3 client receives a HelloVerifyRequest.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24509)
Commit: b1cd19d99f994718d596456f99bc89bc912fa174
https://github.com/openssl/openssl/commit/b1cd19d99f994718d596456f99bc89bc912fa174
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M Configure
M test/recipes/70-test_tls13alerts.t
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
M util/perl/TLSProxy/ServerKeyExchange.pm
Log Message:
-----------
Run 70-test_tls13alerts.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: d9c913731cad269769ad9b69c4a51cfe45ed2e9d
https://github.com/openssl/openssl/commit/d9c913731cad269769ad9b69c4a51cfe45ed2e9d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13cookie.t
Log Message:
-----------
Run 70-test_tls13cookie.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 6607b4345edca65c7720030220c7b92e8ce18db5
https://github.com/openssl/openssl/commit/6607b4345edca65c7720030220c7b92e8ce18db5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13hrr.t
Log Message:
-----------
Run 70-test_tls13hrr.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: ab479d71698f10e1159d0b19faf84f0fb5d81b23
https://github.com/openssl/openssl/commit/ab479d71698f10e1159d0b19faf84f0fb5d81b23
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13psk.t
Log Message:
-----------
Add support for running 70-test_tls13psk.t with dtls
Has to be currently disabled because it fails.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 2e13d7339ead1a312ec22a405fe13692fe7e2f4f
https://github.com/openssl/openssl/commit/2e13d7339ead1a312ec22a405fe13692fe7e2f4f
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
Run 70-test_tls13messages.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 0be56c45a95d039b5536260c99b1a6dc4ea34460
https://github.com/openssl/openssl/commit/0be56c45a95d039b5536260c99b1a6dc4ea34460
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13kexmodes.t
Log Message:
-----------
Run 70-test_tls13kexmodes.t with dtls
It is currently unsupported because of missing support in TLSProxy.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: a351d67c4c260f89afe92b30bac7fac39afa879c
https://github.com/openssl/openssl/commit/a351d67c4c260f89afe92b30bac7fac39afa879c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13alerts.t
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13cookie.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13psk.t
Log Message:
-----------
Run 70-test_tls13certcomp.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: eb3dd826e83cbfbfc026a70b98c288cd2bcb27ef
https://github.com/openssl/openssl/commit/eb3dd826e83cbfbfc026a70b98c288cd2bcb27ef
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
M test/dtls_mtu_test.c
Log Message:
-----------
Fix SCTP todo
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24605)
Commit: 75a6daa3e54a74992bc4a30142cd77f393f926c9
https://github.com/openssl/openssl/commit/75a6daa3e54a74992bc4a30142cd77f393f926c9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/common.h
M ssl/d1_lib.c
M ssl/record/rec_layer_d1.c
M ssl/ssl_local.h
M ssl/statem/statem_dtls.c
M util/indent.pro
Log Message:
-----------
Refactor handshake msg header parsing etc.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24607)
Commit: 24ea63ce592359cf9bc4ca028ed90a75a5734601
https://github.com/openssl/openssl/commit/24ea63ce592359cf9bc4ca028ed90a75a5734601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M ssl/record/rec_layer_d1.c
M ssl/tls13_enc.c
A test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_tls13alerts.t
M test/tls13secretstest.c
Log Message:
-----------
Update epochs when changing key and cipher state for dtls 1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23229)
Commit: 62fb5189143761b990232ce1d20d87b1551d4fb4
https://github.com/openssl/openssl/commit/62fb5189143761b990232ce1d20d87b1551d4fb4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/s3_lib.c
M ssl/ssl_local.h
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
M test/recipes/70-test_tls13downgrade.t
M util/perl/TLSProxy/Certificate.pm
M util/perl/TLSProxy/CertificateRequest.pm
M util/perl/TLSProxy/CertificateVerify.pm
M util/perl/TLSProxy/ClientHello.pm
M util/perl/TLSProxy/EncryptedExtensions.pm
M util/perl/TLSProxy/HelloVerifyRequest.pm
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/NewSessionTicket.pm
M util/perl/TLSProxy/ServerHello.pm
M util/perl/TLSProxy/ServerKeyExchange.pm
Log Message:
-----------
Support dtls 1.3 downgrade mechanism
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23320)
Commit: f9cdccb4e0b0e17a5109279b756a6058a5c5758a
https://github.com/openssl/openssl/commit/f9cdccb4e0b0e17a5109279b756a6058a5c5758a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/recordmethod.h
M include/openssl/dtls1.h
M ssl/d1_lib.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/methods/tlsany_meth.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/s3_enc.c
M ssl/s3_lib.c
M ssl/ssl_ciph.c
M ssl/ssl_local.h
M ssl/ssl_txt.c
M ssl/statem/statem_clnt.c
M ssl/t1_enc.c
M ssl/tls13_enc.c
M test/tls13encryptiontest.c
M test/tls13secretstest.c
Log Message:
-----------
DTLS 1.3 record number encryption
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23511)
Commit: 6e80e7e994ca40682d2f1fc7d564511b284d7d1a
https://github.com/openssl/openssl/commit/6e80e7e994ca40682d2f1fc7d564511b284d7d1a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M ssl/s3_enc.c
M ssl/ssl_local.h
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_local.h
Log Message:
-----------
Fix DTLS 1.3 handshake transcript hash
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26035)
Commit: 72386208244c67d962455ec2db598e4497727601
https://github.com/openssl/openssl/commit/72386208244c67d962455ec2db598e4497727601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/pqueue.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/ssl_local.h
Log Message:
-----------
Avoid mallocing unprocessed_rcds and processed_rcds in dtls record layer
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26211)
Commit: fdd02b72e38580c661b573175cd1dc7156d82180
https://github.com/openssl/openssl/commit/fdd02b72e38580c661b573175cd1dc7156d82180
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_s3.c
M ssl/statem/statem_clnt.c
Log Message:
-----------
Check result of set_protocol_version() and use the version passed as argument
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26226)
Commit: 4a08d18737ee8b48f23f2a14001660c62647f7a1
https://github.com/openssl/openssl/commit/4a08d18737ee8b48f23f2a14001660c62647f7a1
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Sequence number cipher context is NULL for TLS connections
Fix memory sanitizer report of use of uninitialized variable: be explicit
that sequence number cipher context is NULL for TLS connections when
calling ssl_set_new_record_layer().
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Hugo Landau <hla...@devever.net>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26401)
Commit: a55cc9aafce31ffc714eac55051c9ef9b095d115
https://github.com/openssl/openssl/commit/a55cc9aafce31ffc714eac55051c9ef9b095d115
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/prov_ssl.h
M ssl/record/rec_layer_s3.c
M ssl/s3_enc.c
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
Log Message:
-----------
This change fixes an issue where a DTLS 1.3 would calculate a wrong transcript hash.
A wrong transcript hash was calculated when the client received a HRR which caused interop failures with WolfSSL. This change also refactors the internal calls to ssl3_finish_mac() that no longer requires the "incl_hdr" argument.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26465)
Commit: e44454e26981fc638a4ed914151838a0dfbd5d58
https://github.com/openssl/openssl/commit/e44454e26981fc638a4ed914151838a0dfbd5d58
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M ssl/record/rec_layer_s3.c
M ssl/ssl_local.h
M ssl/statem/statem_dtls.c
Log Message:
-----------
Reduce the number of mallocs in dtls1_new() by allocating message queues together with the d1 struct.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26150)
Commit: 340762d5d31805076734c691fcd3dc71aa29f3c9
https://github.com/openssl/openssl/commit/340762d5d31805076734c691fcd3dc71aa29f3c9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_tls13alerts.t
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13messages.t
M util/perl/TLSProxy/Message.pm
Log Message:
-----------
TLSProxy: Handle partial messages with DTLS
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26532)
Commit: 41b511e335a0a857d8d69cc9aa7426d84fc255af
https://github.com/openssl/openssl/commit/41b511e335a0a857d8d69cc9aa7426d84fc255af
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M util/perl/TLSProxy/Proxy.pm
Log Message:
-----------
Adds a workaround for false negative test results with TLSProxy
The server is not able to shut down correctly
when the client sends an alert in epoch 0 and the
server has sent its Finished message.
As a workaround we accept a bad exit code for a failing
DTLS test run.
Fixes #26915
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26922)
Commit: a9789b13a54ea4c262079177ab847ac3324cbda8
https://github.com/openssl/openssl/commit/a9789b13a54ea4c262079177ab847ac3324cbda8
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M doc/man3/SSL_get_version.pod
M include/openssl/dtls1.h
M ssl/d1_lib.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M test/helpers/ssltestlib.c
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
Support DTLS 1.3 Unified Headers
Also set correct AAD for DTLS 1.3 message de-/encryption.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25668)
Commit: 8b2845b6556a729e8ff2ff20b2f56efdb5f8fd59
https://github.com/openssl/openssl/commit/8b2845b6556a729e8ff2ff20b2f56efdb5f8fd59
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtls_mtu_test.c
Log Message:
-----------
test_server_mtu_larger_than_max_fragment_length() should be run for DTLS 1.3
Previously it was forced to run on DTLS 1.2>. But the underlying issue was fixed on master and it works now that the feature branch has been rebased on top of a more recent master.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26574)
Commit: 795d3b0677929d1fedd82aadfa292a8471273248
https://github.com/openssl/openssl/commit/795d3b0677929d1fedd82aadfa292a8471273248
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/sslapitest.c
M test/tls-provider.c
Log Message:
-----------
Duplicate TLS 1.3 sslapitests for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26912)
Commit: c783335de61ed500f6607ba05167579cc0e9e5e9
https://github.com/openssl/openssl/commit/c783335de61ed500f6607ba05167579cc0e9e5e9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
Log Message:
-----------
Revert changes to ssl_version_cmp() to avoid calling assert on non-sane inputs
The function can be called with arbitrary inputs.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28000)
Commit: f02a12398875f4ed83cb173d58691048b32257e2
https://github.com/openssl/openssl/commit/f02a12398875f4ed83cb173d58691048b32257e2
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/lib/s_cb.c
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M include/internal/packet.h
M include/internal/recordmethod.h
M include/internal/statem.h
M include/openssl/ssl.h.in
M include/openssl/ssl3.h
M ssl/d1_lib.c
M ssl/pqueue.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/methods/tls_multib.c
M ssl/record/rec_layer_d1.c
M ssl/record/record.h
M ssl/ssl_local.h
M ssl/ssl_stat.c
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_local.h
M ssl/statem/statem_srvr.c
M ssl/tls13_enc.c
A test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_sslcbcpadding.t
M test/recipes/70-test_sslrecords.t
M test/recipes/70-test_tls13hrr.t
M test/sslapitest.c
M test/tls13encryptiontest.c
M test/tls13secretstest.c
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
A util/perl/TLSProxy/RecordNumber.pm
Log Message:
-----------
Adds DTLS 1.3 ACK message functionality
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: 89dbcfcc2d4c032a1aee7570ac75a51948787517
https://github.com/openssl/openssl/commit/89dbcfcc2d4c032a1aee7570ac75a51948787517
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M ssl/record/rec_layer_d1.c
M ssl/tls13_enc.c
Log Message:
-----------
Fixes an issue were dropped records sent from server was not retransmitted.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: d86d69975d941c8c4dfedf105bfc083b0c9c7b3b
https://github.com/openssl/openssl/commit/d86d69975d941c8c4dfedf105bfc083b0c9c7b3b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/tls_multib.c
Log Message:
-----------
Minor style changes and check sequence for wraparound
We check the TLS sequence number for wraparound elsewhere,
this adds the check to TLS multiblock writes as well.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: da81907c2b6a4a9a73b53af656e66748532ee6be
https://github.com/openssl/openssl/commit/da81907c2b6a4a9a73b53af656e66748532ee6be
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_sslrecords.t
Log Message:
-----------
70-test_sslrecords.t: Fix indentation
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: c48fa552a5b02d20e22c0a0f21f1a2c2f7156d65
https://github.com/openssl/openssl/commit/c48fa552a5b02d20e22c0a0f21f1a2c2f7156d65
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_sslrecords.t
Log Message:
-----------
Use non-PQC key share for DTLS-1.3 TLSProxy tests
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: b29c1764154c5c28f76f7793b87b2130e6d62605
https://github.com/openssl/openssl/commit/b29c1764154c5c28f76f7793b87b2130e6d62605
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
M apps/s_server.c
M ssl/ssl_cert.c
M ssl/statem/statem_clnt.c
Log Message:
-----------
Support OSCP responses for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 36e6d460da5a5c5345142f1208efcf772c8f54fd
https://github.com/openssl/openssl/commit/36e6d460da5a5c5345142f1208efcf772c8f54fd
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M providers/common/capabilities.c
Log Message:
-----------
sigalg_constants_list: Add DTLS1_3_VERSION to applicable sigalgs
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 914bd289e88e27835b234720697790aa9aca2502
https://github.com/openssl/openssl/commit/914bd289e88e27835b234720697790aa9aca2502
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
M ssl/t1_trce.c
M test/tls-provider.c
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
TLS-1.3 specific sigalgs should be supported in DTLS-1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 2c76b09150e6dafd772673c766a7643c4dcf0b91
https://github.com/openssl/openssl/commit/2c76b09150e6dafd772673c766a7643c4dcf0b91
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_sslrecords.t
M test/recipes/70-test_tls13downgrade.t
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
Fixes of tests for DTLS-1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 548a91a9407adcc6b7ef5f917ed666eccbf8a45a
https://github.com/openssl/openssl/commit/548a91a9407adcc6b7ef5f917ed666eccbf8a45a
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtlstest.c
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13cookie.t
M test/recipes/70-test_tls13downgrade.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
DTLS1.3: Disable tests that currently fail
With added TODO(DTLSv1.3) comments
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 7c1a812a3e1855d98f39feec613ae5dc6b7c4024
https://github.com/openssl/openssl/commit/7c1a812a3e1855d98f39feec613ae5dc6b7c4024
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/p_ossltest.c
M test/recipes/70-test_dtls13ack.t
Log Message:
-----------
Adds AES-128-ECB to ossltest provider to be able to reenable DTLS 1.3 ACK tests.
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28926)
Commit: a70ff7ca8c40946ceb1a85b3d2352e2d785ac1f0
https://github.com/openssl/openssl/commit/a70ff7ca8c40946ceb1a85b3d2352e2d785ac1f0
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M test/dtls_mtu_test.c
Log Message:
-----------
Fixes the DTLS MTU test
When calling DTLS_get_data_mtu the function was not taking
into account the extra byte after the data which contains
the content type.
Fixes: https://github.com/openssl/project/issues/1668
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29081)
Commit: e847e74b76783635f2271b4cfc09ca90383209c8
https://github.com/openssl/openssl/commit/e847e74b76783635f2271b4cfc09ca90383209c8
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/recordmethod.h
M ssl/d1_msg.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/rec_layer_d1.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/statem/extensions.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_srvr.c
M test/helpers/ssltestlib.c
M test/sslapitest.c
Log Message:
-----------
Fixing comment out tests for DTLS1.3 in sslapitest
Several tests where commented out for the behavior of DTLS1.3 is
different then TLS1.3. The main difference is around the ACK
message. This means some tests needed to be massaged to for
the peer to ACK to a certain message.
This PR does not remove all TODO's for DTLS1.3. Currently there
are two TODOs. One around padding for messages less than 16
bytes and one for authentication and integrity only messages.
Also this PR still has a lot of memory leaks. Looking into it
it has to deal with how new record layers are allocated for
new epochs. Because record layers are also stored in a list of
messages sent in case they need to be resent it wasn't a simple
fix. I feel like the memory leaks should be tackled in a
separate PR.
Fixes: https://github.com/openssl/project/issues/1667
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29067)
Commit: 0a2f79a6dd749d0bde3dfb14eb117369588293a1
https://github.com/openssl/openssl/commit/0a2f79a6dd749d0bde3dfb14eb117369588293a1
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/ssl3.h
M ssl/statem/statem_clnt.c
M ssl/tls13_enc.c
M test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_tls13certcomp.t
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
Updating the DTLS Proxy ACK test to wait for the New Session ACK
Updated the DTLS 1.3 ACK tests that use the proxy to wait until
the ACK for the New Session Ticket is recieved.
Also updated some proxy tests now that the sessionfile can be
used and the DTLS1.3 client will shut down properly. This happens
because the Proxy sends a Close Notify Alert.
Also resolving a DTLS Proxy issue where the Proxy was not
taking into account the second fragment for a record and the
Handshake/Record Header.
Fixes: openssl/project#1669
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29221)
Compare: https://github.com/openssl/openssl/compare/f6b986420d65...0a2f79a6dd74
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: eaee1ddc013c7296f0fc79394ffa02b915004c6d
https://github.com/openssl/openssl/commit/eaee1ddc013c7296f0fc79394ffa02b915004c6d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/prov_ssl.h
M include/openssl/ssl.h.in
M ssl/d1_lib.c
M ssl/methods.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/ssl_local.h
Log Message:
-----------
Adds initial dtls 1.3 structs and definitions
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
Commit: 007ad67ef7280055900a24f3d52fa896203a41bc
https://github.com/openssl/openssl/commit/007ad67ef7280055900a24f3d52fa896203a41bc
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/methods.c
Log Message:
-----------
Remove compile guards for dtls1.3 method implementations
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
Commit: ab70404258bba0d838eabd224576a0f65296167e
https://github.com/openssl/openssl/commit/ab70404258bba0d838eabd224576a0f65296167e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/include/opt.h
M apps/lib/s_cb.c
M apps/s_client.c
M apps/s_server.c
Log Message:
-----------
Integrate dtls1.3 in s_client and s_server
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: 1c11c2898143f40f18b0bb84291b6e124e3d937d
https://github.com/openssl/openssl/commit/1c11c2898143f40f18b0bb84291b6e124e3d937d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-s_server.pod.in
M doc/man1/openssl.pod
M doc/perlvars.pm
Log Message:
-----------
Adds DTLS 1.3 functionality to s_client and s_server documentation.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: dcafb538861b221cfae4f10b10b66f785762dafe
https://github.com/openssl/openssl/commit/dcafb538861b221cfae4f10b10b66f785762dafe
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
Log Message:
-----------
Print session ticket for dtls 1.3 as well.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
Commit: c504cdb65f2eaae50c802d5d42d2be093b0c9ef4
https://github.com/openssl/openssl/commit/c504cdb65f2eaae50c802d5d42d2be093b0c9ef4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
Log Message:
-----------
Support TLS1.3 extensions with DTLS1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22261)
Commit: b6169af8eed2207cc129244b982bf9efc1d47371
https://github.com/openssl/openssl/commit/b6169af8eed2207cc129244b982bf9efc1d47371
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Use dtls1.3 cryptographic label prefix as dictated by RFC 9147 section 5.9
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
Commit: d73909854da2562575cfd0505b853e0e24e4cdc4
https://github.com/openssl/openssl/commit/d73909854da2562575cfd0505b853e0e24e4cdc4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Determine which label prefix to use based on if the connection is dtls
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
Commit: ee2e76b68e7c53b68140e5d03235a5d2964f5a53
https://github.com/openssl/openssl/commit/ee2e76b68e7c53b68140e5d03235a5d2964f5a53
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_conf.c
M ssl/t1_trce.c
M test/helpers/ssl_test_ctx.c
M test/ssl_old_test.c
Log Message:
-----------
Adds DTLS1.3 to ssl protocol to text structs
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: 6081fabcb2ab32ce07992568b0606fa473d59a8d
https://github.com/openssl/openssl/commit/6081fabcb2ab32ce07992568b0606fa473d59a8d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
Log Message:
-----------
Add dtls1.3 to ssl_protocol_to_string()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: b8063ec5c4f8810e90d8dc8762165ce579f8e3a0
https://github.com/openssl/openssl/commit/b8063ec5c4f8810e90d8dc8762165ce579f8e3a0
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_conf.c
Log Message:
-----------
Fix protocol list for cmd_Protocol()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
Commit: 158f34385c1590f4daa69aa211560f7861c79dfb
https://github.com/openssl/openssl/commit/158f34385c1590f4daa69aa211560f7861c79dfb
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Update tls state machine logic to support dtls1.3 alongside tls1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Updated the logic in ssl_cipher_list_to_bytes to take account of the changes
from PR#24161
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24226)
Commit: 260d5cac01deb358299960941f9d5b5d06ee4fdf
https://github.com/openssl/openssl/commit/260d5cac01deb358299960941f9d5b5d06ee4fdf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: 6fcc5b3fd19b49702c641fbb675773bf4b90f187
https://github.com/openssl/openssl/commit/6fcc5b3fd19b49702c641fbb675773bf4b90f187
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
M ssl/statem/extensions_srvr.c
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Do DTLS13 and TLS13 connection version check in one macro
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: e19c96886c3b8270fb82ba6fbb1f20c097c0eac4
https://github.com/openssl/openssl/commit/e19c96886c3b8270fb82ba6fbb1f20c097c0eac4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_srvr.c
Log Message:
-----------
Fix wrong dtls 1 and 1.2 version check
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Commit: 6a7a3de2bd8584b4da235f4975ce449c90eb35b2
https://github.com/openssl/openssl/commit/6a7a3de2bd8584b4da235f4975ce449c90eb35b2
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M providers/common/capabilities.c
M ssl/s3_lib.c
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/t1_lib.c
Log Message:
-----------
Support TLS 1.3 kexs and groups with DTLS 1.3
SSL_CONNECTION_IS_VERSION13 macro is used where appropriate.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22364)
Commit: ad2147fa6c24ff7612633868ea10f088a534de2e
https://github.com/openssl/openssl/commit/ad2147fa6c24ff7612633868ea10f088a534de2e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M util/perl/TLSProxy/Record.pm
M util/perl/TLSProxy/ServerHello.pm
Log Message:
-----------
Adds dtls 1.3 support in TLS::Proxy
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375)
Commit: b1a2053a61abc9d79688555202bba830e90e6b75
https://github.com/openssl/openssl/commit/b1a2053a61abc9d79688555202bba830e90e6b75
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/include/s_apps.h
Log Message:
-----------
Don't allow renegotiation for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362)
Commit: 9076747c079790e8725f93032837a09d0e88d0cf
https://github.com/openssl/openssl/commit/9076747c079790e8725f93032837a09d0e88d0cf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Make dtls1.3 changes to dtls1_read_bytes and do_dtls1_write which matches ssl3_read_bytes and ssl3_write_bytes
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: 74d5b02c7032fb2a1e826451480fa051bdf33dfa
https://github.com/openssl/openssl/commit/74d5b02c7032fb2a1e826451480fa051bdf33dfa
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/dtls_meth.c
Log Message:
-----------
Adds some more changes dtls specific functions to make them more in sync with their tls counterparts.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: 3374c832196151aa05ac8a7d52cb842fb9c46261
https://github.com/openssl/openssl/commit/3374c832196151aa05ac8a7d52cb842fb9c46261
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: ecd72174b69355abb3ab189fea793df37fde2fd5
https://github.com/openssl/openssl/commit/ecd72174b69355abb3ab189fea793df37fde2fd5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_d1.c
Log Message:
-----------
Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
Commit: a9dfb815fdd218ff82d7826a3894aa5c5e7b9f78
https://github.com/openssl/openssl/commit/a9dfb815fdd218ff82d7826a3894aa5c5e7b9f78
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/t1_lib.c
Log Message:
-----------
Support TLS1.3 sigalg logic in DTLS1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22380)
Commit: 4b2c40d71d6cc0883cfa8fd52f9518b313f7a454
https://github.com/openssl/openssl/commit/4b2c40d71d6cc0883cfa8fd52f9518b313f7a454
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Removes an mtu assertion that fails
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22401)
Commit: 9401a204868d961c8c08263d1d7ee37fb55f235e
https://github.com/openssl/openssl/commit/9401a204868d961c8c08263d1d7ee37fb55f235e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_sess.c
M ssl/t1_lib.c
M ssl/t1_trce.c
Log Message:
-----------
Update session id and ticket logic for dtls13
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
Commit: a30d7e5eefa72dbb24526f0056447a48ea2c4096
https://github.com/openssl/openssl/commit/a30d7e5eefa72dbb24526f0056447a48ea2c4096
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_txt.c
Log Message:
-----------
Fix session print for dtls1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
Commit: d9a6799ac19cbade6aa4a1159389a397e72f6c00
https://github.com/openssl/openssl/commit/d9a6799ac19cbade6aa4a1159389a397e72f6c00
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/tls_common.c
M ssl/record/methods/tlsany_meth.c
Log Message:
-----------
tls_post_encryption_processing_default() and tls_validate_record_header()
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22376)
Commit: d70ddf279a2eeffafc269acf8f39a840d7d0827f
https://github.com/openssl/openssl/commit/d70ddf279a2eeffafc269acf8f39a840d7d0827f
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
Log Message:
-----------
Fix ssl_lib functions for dtls 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22378)
Commit: 19dd6d92f41d303babd4ea847020f5c73e5c6d04
https://github.com/openssl/openssl/commit/19dd6d92f41d303babd4ea847020f5c73e5c6d04
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/s3_lib.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
Log Message:
-----------
Sanity tests of inputs to ssl_version_cmp
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
Commit: f31afa4966fd2847862653ca47ccc9ff6c7f38ad
https://github.com/openssl/openssl/commit/f31afa4966fd2847862653ca47ccc9ff6c7f38ad
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
Log Message:
-----------
Fix sanity tests for ssl_version_cmp for dtls 1.3 branch
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
Commit: adf71b56f056044d2e7ebea473fc0c34c87e0003
https://github.com/openssl/openssl/commit/adf71b56f056044d2e7ebea473fc0c34c87e0003
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/dtls1.h
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
Log Message:
-----------
Update dtls max version
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 8a1925c1d80e500bc2cbfa817c11cb70cf8c4fe7
https://github.com/openssl/openssl/commit/8a1925c1d80e500bc2cbfa817c11cb70cf8c4fe7
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
Log Message:
-----------
Remove obsolete TODO and guards for post handshake authentication in DTLS 1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 9bccf188a9c6d500ae56424ef78de125f5af4a57
https://github.com/openssl/openssl/commit/9bccf188a9c6d500ae56424ef78de125f5af4a57
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_lib.c
M test/ssl_ctx_test.c
Log Message:
-----------
Update DTLS version tests
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: afd67f23b2c1b0c433e91425e5f9405386ac991b
https://github.com/openssl/openssl/commit/afd67f23b2c1b0c433e91425e5f9405386ac991b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
Log Message:
-----------
Fix version check to avoid unsupported protocol error in ssl_choose_server_version()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 88ebd68d047275d8e260fd1ec09d540882e843d5
https://github.com/openssl/openssl/commit/88ebd68d047275d8e260fd1ec09d540882e843d5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions_clnt.c
Log Message:
-----------
Fix renegotiation check that was added in https://github.com/openssl/openssl/pull/24161
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 5ad8d7f4b8cf4fbd5b02b7ebd5679fdab3083343
https://github.com/openssl/openssl/commit/5ad8d7f4b8cf4fbd5b02b7ebd5679fdab3083343
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M fuzz/dtlsclient.c
M test/dtls_mtu_test.c
M test/dtlstest.c
M test/ssl-tests/29-dtls-sctp-label-bug.cnf
M test/ssl-tests/29-dtls-sctp-label-bug.cnf.in
Log Message:
-----------
Run some failing tests with DTLS1.2
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: f87fc041c001740646704150569d33b0e158fe1b
https://github.com/openssl/openssl/commit/f87fc041c001740646704150569d33b0e158fe1b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/ssl-tests/07-dtls-protocol-version.cnf
M test/ssl-tests/11-dtls_resumption.cnf
M test/ssl-tests/protocol_version.pm
Log Message:
-----------
Fix test_ssl_new tests
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: 37514f98901efd83c4dfc2a1af6e25d32b795bc4
https://github.com/openssl/openssl/commit/37514f98901efd83c4dfc2a1af6e25d32b795bc4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
Log Message:
-----------
Check that both tls1.3 and dtls1.3 is disabled before removing code from compilation path.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: aa34197e515210cf44e3101082e9cb8410f4bbaf
https://github.com/openssl/openssl/commit/aa34197e515210cf44e3101082e9cb8410f4bbaf
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Disable middlebox for dtls
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: af1addb4284b6e48052f705643524ff114038efc
https://github.com/openssl/openssl/commit/af1addb4284b6e48052f705643524ff114038efc
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
M test/tls13secretstest.c
Log Message:
-----------
Clear old messages from queues in order to avoid leaks of record layer objects.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
Commit: bbdfa7436c314401cb4c5fc5cd504023027e85c3
https://github.com/openssl/openssl/commit/bbdfa7436c314401cb4c5fc5cd504023027e85c3
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/t1_trce.c
Log Message:
-----------
Correct traces for certificates in dtls13
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22935)
Commit: 8ca9a37706883e7073ea8f6dd327734c513a412e
https://github.com/openssl/openssl/commit/8ca9a37706883e7073ea8f6dd327734c513a412e
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man1/openssl-s_client.pod.in
M doc/man3/SSL_CIPHER_get_name.pod
M doc/man3/SSL_CONF_cmd.pod
M doc/man3/SSL_CTX_set0_CA_list.pod
M doc/man3/SSL_CTX_set1_sigalgs.pod
M doc/man3/SSL_CTX_set_min_proto_version.pod
M doc/man3/SSL_CTX_set_num_tickets.pod
M doc/man3/SSL_CTX_set_options.pod
M doc/man3/SSL_check_chain.pod
M doc/man3/SSL_export_keying_material.pod
M doc/man3/SSL_get_shared_sigalgs.pod
M doc/man3/SSL_get_version.pod
Log Message:
-----------
Update documentation for DTLS1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
Commit: 6ee5c4a45cd475c7f49ff8b0f613e2ce453e8601
https://github.com/openssl/openssl/commit/6ee5c4a45cd475c7f49ff8b0f613e2ce453e8601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/man3/SSL_CONF_cmd.pod
Log Message:
-----------
Updates SSL_CONF_cmd.pod to be explicit when features are for both TLS and DTLS
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
Commit: c8d4f8fca5182f02bc28c0b05461051f2365a18c
https://github.com/openssl/openssl/commit/c8d4f8fca5182f02bc28c0b05461051f2365a18c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/ssl_local.h
Log Message:
-----------
Fix description of version field of ssl connection struct
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22937)
Commit: 54aec63b9f26b6f55137da08387dfd1cda1dcec9
https://github.com/openssl/openssl/commit/54aec63b9f26b6f55137da08387dfd1cda1dcec9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_srvr.c
Log Message:
-----------
Continue processing cookieless client hellos for dtls1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22400)
Commit: 0529b0046b2ddfd2b13f6fc34b441cd94cc1a257
https://github.com/openssl/openssl/commit/0529b0046b2ddfd2b13f6fc34b441cd94cc1a257
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/ssl-tests/02-protocol-version.cnf
M test/ssl-tests/07-dtls-protocol-version.cnf
M test/ssl-tests/10-resumption.cnf
M test/ssl-tests/protocol_version.pm
Log Message:
-----------
Adds DTLSv1.3 to protocol_version.pm for additional protocol version tests.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23242)
Commit: 1275fd9ff57da43868e6916ee716b7d7d793c090
https://github.com/openssl/openssl/commit/1275fd9ff57da43868e6916ee716b7d7d793c090
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtlstest.c
M test/sslapitest.c
Log Message:
-----------
Run test_cookie() test with DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24425)
Commit: e6f126bd28cb174ac2913001ab0d149c93f0337a
https://github.com/openssl/openssl/commit/e6f126bd28cb174ac2913001ab0d149c93f0337a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
A doc/designs/dtlsv1_3/dtlsv1_3-main.md
Log Message:
-----------
Add design document for DTLS 1.3 implementation
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23041)
Commit: 7f9d73e1b414dab0e4fe0ce93a1e0302e219986a
https://github.com/openssl/openssl/commit/7f9d73e1b414dab0e4fe0ce93a1e0302e219986a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
M apps/s_server.c
M ssl/record/methods/tls_common.c
M ssl/ssl_cert.c
M ssl/ssl_ciph.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
M test/sslapitest.c
Log Message:
-----------
Refactor code and fix a couple of missing DTLSv1.3 checks.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24345)
Commit: 089b3ef7638e281fcf6b5e77261f37a82beec180
https://github.com/openssl/openssl/commit/089b3ef7638e281fcf6b5e77261f37a82beec180
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/dtls_meth.c
M ssl/statem/statem_dtls.c
Log Message:
-----------
Re-enable mtu assertion which previously failed for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24524)
Commit: e4771cce5faed8cad990eeb24fc77a25b64606aa
https://github.com/openssl/openssl/commit/e4771cce5faed8cad990eeb24fc77a25b64606aa
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M crypto/packet.c
M include/internal/common.h
M include/internal/packet.h
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
M test/dtls_mtu_test.c
M test/ssl-tests/29-dtls-sctp-label-bug.cnf.in
Log Message:
-----------
Place start of ClientHello correctly when calculating binder for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
Commit: b10580efb6e64eeddfb0ed02a183d48933a6e30c
https://github.com/openssl/openssl/commit/b10580efb6e64eeddfb0ed02a183d48933a6e30c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
Use WPACKET in dtls1_do_write()
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
Commit: db560ade8c74cadccab1e1e4178db8cc4d2988b8
https://github.com/openssl/openssl/commit/db560ade8c74cadccab1e1e4178db8cc4d2988b8
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M fuzz/dtlsclient.c
M ssl/d1_lib.c
M ssl/ssl_local.h
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M test/dtlstest.c
Log Message:
-----------
Fix an assertion failure which happens when a DTLS 1.3 client receives a HelloVerifyRequest.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24509)
Commit: b1cd19d99f994718d596456f99bc89bc912fa174
https://github.com/openssl/openssl/commit/b1cd19d99f994718d596456f99bc89bc912fa174
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M Configure
M test/recipes/70-test_tls13alerts.t
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
M util/perl/TLSProxy/ServerKeyExchange.pm
Log Message:
-----------
Run 70-test_tls13alerts.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: d9c913731cad269769ad9b69c4a51cfe45ed2e9d
https://github.com/openssl/openssl/commit/d9c913731cad269769ad9b69c4a51cfe45ed2e9d
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13cookie.t
Log Message:
-----------
Run 70-test_tls13cookie.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 6607b4345edca65c7720030220c7b92e8ce18db5
https://github.com/openssl/openssl/commit/6607b4345edca65c7720030220c7b92e8ce18db5
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13hrr.t
Log Message:
-----------
Run 70-test_tls13hrr.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: ab479d71698f10e1159d0b19faf84f0fb5d81b23
https://github.com/openssl/openssl/commit/ab479d71698f10e1159d0b19faf84f0fb5d81b23
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13psk.t
Log Message:
-----------
Add support for running 70-test_tls13psk.t with dtls
Has to be currently disabled because it fails.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 2e13d7339ead1a312ec22a405fe13692fe7e2f4f
https://github.com/openssl/openssl/commit/2e13d7339ead1a312ec22a405fe13692fe7e2f4f
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
Run 70-test_tls13messages.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: 0be56c45a95d039b5536260c99b1a6dc4ea34460
https://github.com/openssl/openssl/commit/0be56c45a95d039b5536260c99b1a6dc4ea34460
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13kexmodes.t
Log Message:
-----------
Run 70-test_tls13kexmodes.t with dtls
It is currently unsupported because of missing support in TLSProxy.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: a351d67c4c260f89afe92b30bac7fac39afa879c
https://github.com/openssl/openssl/commit/a351d67c4c260f89afe92b30bac7fac39afa879c
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_tls13alerts.t
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13cookie.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13psk.t
Log Message:
-----------
Run 70-test_tls13certcomp.t with dtls
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
Commit: eb3dd826e83cbfbfc026a70b98c288cd2bcb27ef
https://github.com/openssl/openssl/commit/eb3dd826e83cbfbfc026a70b98c288cd2bcb27ef
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
M test/dtls_mtu_test.c
Log Message:
-----------
Fix SCTP todo
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24605)
Commit: 75a6daa3e54a74992bc4a30142cd77f393f926c9
https://github.com/openssl/openssl/commit/75a6daa3e54a74992bc4a30142cd77f393f926c9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/common.h
M ssl/d1_lib.c
M ssl/record/rec_layer_d1.c
M ssl/ssl_local.h
M ssl/statem/statem_dtls.c
M util/indent.pro
Log Message:
-----------
Refactor handshake msg header parsing etc.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24607)
Commit: 24ea63ce592359cf9bc4ca028ed90a75a5734601
https://github.com/openssl/openssl/commit/24ea63ce592359cf9bc4ca028ed90a75a5734601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M ssl/record/rec_layer_d1.c
M ssl/tls13_enc.c
A test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_tls13alerts.t
M test/tls13secretstest.c
Log Message:
-----------
Update epochs when changing key and cipher state for dtls 1.3
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23229)
Commit: 62fb5189143761b990232ce1d20d87b1551d4fb4
https://github.com/openssl/openssl/commit/62fb5189143761b990232ce1d20d87b1551d4fb4
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/s3_lib.c
M ssl/ssl_local.h
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
M test/recipes/70-test_tls13downgrade.t
M util/perl/TLSProxy/Certificate.pm
M util/perl/TLSProxy/CertificateRequest.pm
M util/perl/TLSProxy/CertificateVerify.pm
M util/perl/TLSProxy/ClientHello.pm
M util/perl/TLSProxy/EncryptedExtensions.pm
M util/perl/TLSProxy/HelloVerifyRequest.pm
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/NewSessionTicket.pm
M util/perl/TLSProxy/ServerHello.pm
M util/perl/TLSProxy/ServerKeyExchange.pm
Log Message:
-----------
Support dtls 1.3 downgrade mechanism
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23320)
Commit: f9cdccb4e0b0e17a5109279b756a6058a5c5758a
https://github.com/openssl/openssl/commit/f9cdccb4e0b0e17a5109279b756a6058a5c5758a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/recordmethod.h
M include/openssl/dtls1.h
M ssl/d1_lib.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/methods/tlsany_meth.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/s3_enc.c
M ssl/s3_lib.c
M ssl/ssl_ciph.c
M ssl/ssl_local.h
M ssl/ssl_txt.c
M ssl/statem/statem_clnt.c
M ssl/t1_enc.c
M ssl/tls13_enc.c
M test/tls13encryptiontest.c
M test/tls13secretstest.c
Log Message:
-----------
DTLS 1.3 record number encryption
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23511)
Commit: 6e80e7e994ca40682d2f1fc7d564511b284d7d1a
https://github.com/openssl/openssl/commit/6e80e7e994ca40682d2f1fc7d564511b284d7d1a
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M ssl/s3_enc.c
M ssl/ssl_local.h
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_local.h
Log Message:
-----------
Fix DTLS 1.3 handshake transcript hash
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26035)
Commit: 72386208244c67d962455ec2db598e4497727601
https://github.com/openssl/openssl/commit/72386208244c67d962455ec2db598e4497727601
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/pqueue.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/ssl_local.h
Log Message:
-----------
Avoid mallocing unprocessed_rcds and processed_rcds in dtls record layer
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26211)
Commit: fdd02b72e38580c661b573175cd1dc7156d82180
https://github.com/openssl/openssl/commit/fdd02b72e38580c661b573175cd1dc7156d82180
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/rec_layer_s3.c
M ssl/statem/statem_clnt.c
Log Message:
-----------
Check result of set_protocol_version() and use the version passed as argument
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26226)
Commit: 4a08d18737ee8b48f23f2a14001660c62647f7a1
https://github.com/openssl/openssl/commit/4a08d18737ee8b48f23f2a14001660c62647f7a1
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/tls13_enc.c
Log Message:
-----------
Sequence number cipher context is NULL for TLS connections
Fix memory sanitizer report of use of uninitialized variable: be explicit
that sequence number cipher context is NULL for TLS connections when
calling ssl_set_new_record_layer().
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Hugo Landau <hla...@devever.net>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26401)
Commit: a55cc9aafce31ffc714eac55051c9ef9b095d115
https://github.com/openssl/openssl/commit/a55cc9aafce31ffc714eac55051c9ef9b095d115
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/prov_ssl.h
M ssl/record/rec_layer_s3.c
M ssl/s3_enc.c
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
Log Message:
-----------
This change fixes an issue where a DTLS 1.3 would calculate a wrong transcript hash.
A wrong transcript hash was calculated when the client received a HRR which caused interop failures with WolfSSL. This change also refactors the internal calls to ssl3_finish_mac() that no longer requires the "incl_hdr" argument.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26465)
Commit: e44454e26981fc638a4ed914151838a0dfbd5d58
https://github.com/openssl/openssl/commit/e44454e26981fc638a4ed914151838a0dfbd5d58
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M ssl/record/rec_layer_s3.c
M ssl/ssl_local.h
M ssl/statem/statem_dtls.c
Log Message:
-----------
Reduce the number of mallocs in dtls1_new() by allocating message queues together with the d1 struct.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26150)
Commit: 340762d5d31805076734c691fcd3dc71aa29f3c9
https://github.com/openssl/openssl/commit/340762d5d31805076734c691fcd3dc71aa29f3c9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_tls13alerts.t
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13messages.t
M util/perl/TLSProxy/Message.pm
Log Message:
-----------
TLSProxy: Handle partial messages with DTLS
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26532)
Commit: 41b511e335a0a857d8d69cc9aa7426d84fc255af
https://github.com/openssl/openssl/commit/41b511e335a0a857d8d69cc9aa7426d84fc255af
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M util/perl/TLSProxy/Proxy.pm
Log Message:
-----------
Adds a workaround for false negative test results with TLSProxy
The server is not able to shut down correctly
when the client sends an alert in epoch 0 and the
server has sent its Finished message.
As a workaround we accept a bad exit code for a failing
DTLS test run.
Fixes #26915
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26922)
Commit: a9789b13a54ea4c262079177ab847ac3324cbda8
https://github.com/openssl/openssl/commit/a9789b13a54ea4c262079177ab847ac3324cbda8
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M doc/man3/SSL_get_version.pod
M include/openssl/dtls1.h
M ssl/d1_lib.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M test/helpers/ssltestlib.c
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
Support DTLS 1.3 Unified Headers
Also set correct AAD for DTLS 1.3 message de-/encryption.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25668)
Commit: 8b2845b6556a729e8ff2ff20b2f56efdb5f8fd59
https://github.com/openssl/openssl/commit/8b2845b6556a729e8ff2ff20b2f56efdb5f8fd59
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtls_mtu_test.c
Log Message:
-----------
test_server_mtu_larger_than_max_fragment_length() should be run for DTLS 1.3
Previously it was forced to run on DTLS 1.2>. But the underlying issue was fixed on master and it works now that the feature branch has been rebased on top of a more recent master.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26574)
Commit: 795d3b0677929d1fedd82aadfa292a8471273248
https://github.com/openssl/openssl/commit/795d3b0677929d1fedd82aadfa292a8471273248
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/sslapitest.c
M test/tls-provider.c
Log Message:
-----------
Duplicate TLS 1.3 sslapitests for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26912)
Commit: c783335de61ed500f6607ba05167579cc0e9e5e9
https://github.com/openssl/openssl/commit/c783335de61ed500f6607ba05167579cc0e9e5e9
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/statem_lib.c
Log Message:
-----------
Revert changes to ssl_version_cmp() to avoid calling assert on non-sane inputs
The function can be called with arbitrary inputs.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28000)
Commit: f02a12398875f4ed83cb173d58691048b32257e2
https://github.com/openssl/openssl/commit/f02a12398875f4ed83cb173d58691048b32257e2
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/lib/s_cb.c
M doc/designs/dtlsv1_3/dtlsv1_3-main.md
M include/internal/packet.h
M include/internal/recordmethod.h
M include/internal/statem.h
M include/openssl/ssl.h.in
M include/openssl/ssl3.h
M ssl/d1_lib.c
M ssl/pqueue.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls1_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/methods/tls_multib.c
M ssl/record/rec_layer_d1.c
M ssl/record/record.h
M ssl/ssl_local.h
M ssl/ssl_stat.c
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_local.h
M ssl/statem/statem_srvr.c
M ssl/tls13_enc.c
A test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_sslcbcpadding.t
M test/recipes/70-test_sslrecords.t
M test/recipes/70-test_tls13hrr.t
M test/sslapitest.c
M test/tls13encryptiontest.c
M test/tls13secretstest.c
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
A util/perl/TLSProxy/RecordNumber.pm
Log Message:
-----------
Adds DTLS 1.3 ACK message functionality
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: 89dbcfcc2d4c032a1aee7570ac75a51948787517
https://github.com/openssl/openssl/commit/89dbcfcc2d4c032a1aee7570ac75a51948787517
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M ssl/record/rec_layer_d1.c
M ssl/tls13_enc.c
Log Message:
-----------
Fixes an issue were dropped records sent from server was not retransmitted.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: d86d69975d941c8c4dfedf105bfc083b0c9c7b3b
https://github.com/openssl/openssl/commit/d86d69975d941c8c4dfedf105bfc083b0c9c7b3b
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/record/methods/tls_multib.c
Log Message:
-----------
Minor style changes and check sequence for wraparound
We check the TLS sequence number for wraparound elsewhere,
this adds the check to TLS multiblock writes as well.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
Commit: da81907c2b6a4a9a73b53af656e66748532ee6be
https://github.com/openssl/openssl/commit/da81907c2b6a4a9a73b53af656e66748532ee6be
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_sslrecords.t
Log Message:
-----------
70-test_sslrecords.t: Fix indentation
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: c48fa552a5b02d20e22c0a0f21f1a2c2f7156d65
https://github.com/openssl/openssl/commit/c48fa552a5b02d20e22c0a0f21f1a2c2f7156d65
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_dtls13epoch.t
M test/recipes/70-test_sslrecords.t
Log Message:
-----------
Use non-PQC key share for DTLS-1.3 TLSProxy tests
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: b29c1764154c5c28f76f7793b87b2130e6d62605
https://github.com/openssl/openssl/commit/b29c1764154c5c28f76f7793b87b2130e6d62605
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M apps/s_client.c
M apps/s_server.c
M ssl/ssl_cert.c
M ssl/statem/statem_clnt.c
Log Message:
-----------
Support OSCP responses for DTLS 1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 36e6d460da5a5c5345142f1208efcf772c8f54fd
https://github.com/openssl/openssl/commit/36e6d460da5a5c5345142f1208efcf772c8f54fd
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M providers/common/capabilities.c
Log Message:
-----------
sigalg_constants_list: Add DTLS1_3_VERSION to applicable sigalgs
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 914bd289e88e27835b234720697790aa9aca2502
https://github.com/openssl/openssl/commit/914bd289e88e27835b234720697790aa9aca2502
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_lib.c
M ssl/t1_lib.c
M ssl/t1_trce.c
M test/tls-provider.c
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
TLS-1.3 specific sigalgs should be supported in DTLS-1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 2c76b09150e6dafd772673c766a7643c4dcf0b91
https://github.com/openssl/openssl/commit/2c76b09150e6dafd772673c766a7643c4dcf0b91
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/recipes/70-test_sslrecords.t
M test/recipes/70-test_tls13downgrade.t
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
Fixes of tests for DTLS-1.3
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 548a91a9407adcc6b7ef5f917ed666eccbf8a45a
https://github.com/openssl/openssl/commit/548a91a9407adcc6b7ef5f917ed666eccbf8a45a
Author: Tomas Mraz <to...@openssl.org>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/dtlstest.c
M test/recipes/70-test_tls13certcomp.t
M test/recipes/70-test_tls13cookie.t
M test/recipes/70-test_tls13downgrade.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_tls13messages.t
Log Message:
-----------
DTLS1.3: Disable tests that currently fail
With added TODO(DTLSv1.3) comments
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
Commit: 7c1a812a3e1855d98f39feec613ae5dc6b7c4024
https://github.com/openssl/openssl/commit/7c1a812a3e1855d98f39feec613ae5dc6b7c4024
Author: Frederik Wedel-Heinen <frederik.w...@dencrypt.dk>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M test/p_ossltest.c
M test/recipes/70-test_dtls13ack.t
Log Message:
-----------
Adds AES-128-ECB to ossltest provider to be able to reenable DTLS 1.3 ACK tests.
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28926)
Commit: a70ff7ca8c40946ceb1a85b3d2352e2d785ac1f0
https://github.com/openssl/openssl/commit/a70ff7ca8c40946ceb1a85b3d2352e2d785ac1f0
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M ssl/d1_lib.c
M test/dtls_mtu_test.c
Log Message:
-----------
Fixes the DTLS MTU test
When calling DTLS_get_data_mtu the function was not taking
into account the extra byte after the data which contains
the content type.
Fixes: https://github.com/openssl/project/issues/1668
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29081)
Commit: e847e74b76783635f2271b4cfc09ca90383209c8
https://github.com/openssl/openssl/commit/e847e74b76783635f2271b4cfc09ca90383209c8
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/internal/recordmethod.h
M ssl/d1_msg.c
M ssl/quic/quic_tls.c
M ssl/record/methods/dtls_meth.c
M ssl/record/methods/ktls_meth.c
M ssl/record/methods/recmethod_local.h
M ssl/record/methods/tls13_meth.c
M ssl/record/methods/tls_common.c
M ssl/record/rec_layer_d1.c
M ssl/record/rec_layer_s3.c
M ssl/record/record.h
M ssl/statem/extensions.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_srvr.c
M test/helpers/ssltestlib.c
M test/sslapitest.c
Log Message:
-----------
Fixing comment out tests for DTLS1.3 in sslapitest
Several tests where commented out for the behavior of DTLS1.3 is
different then TLS1.3. The main difference is around the ACK
message. This means some tests needed to be massaged to for
the peer to ACK to a certain message.
This PR does not remove all TODO's for DTLS1.3. Currently there
are two TODOs. One around padding for messages less than 16
bytes and one for authentication and integrity only messages.
Also this PR still has a lot of memory leaks. Looking into it
it has to deal with how new record layers are allocated for
new epochs. Because record layers are also stored in a list of
messages sent in case they need to be resent it wasn't a simple
fix. I feel like the memory leaks should be tackled in a
separate PR.
Fixes: https://github.com/openssl/project/issues/1667
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29067)
Commit: 0a2f79a6dd749d0bde3dfb14eb117369588293a1
https://github.com/openssl/openssl/commit/0a2f79a6dd749d0bde3dfb14eb117369588293a1
Author: Ryan Hooper <ryho...@cisco.com>
Date: 2025-12-18 (Thu, 18 Dec 2025)
Changed paths:
M include/openssl/ssl3.h
M ssl/statem/statem_clnt.c
M ssl/tls13_enc.c
M test/recipes/70-test_dtls13ack.t
M test/recipes/70-test_tls13certcomp.t
M util/perl/TLSProxy/Message.pm
M util/perl/TLSProxy/Proxy.pm
M util/perl/TLSProxy/Record.pm
Log Message:
-----------
Updating the DTLS Proxy ACK test to wait for the New Session ACK
Updated the DTLS 1.3 ACK tests that use the proxy to wait until
the ACK for the New Session Ticket is recieved.
Also updated some proxy tests now that the sessionfile can be
used and the DTLS1.3 client will shut down properly. This happens
because the Proxy sends a Close Notify Alert.
Also resolving a DTLS Proxy issue where the Proxy was not
taking into account the second fragment for a record and the
Handshake/Record Header.
Fixes: openssl/project#1669
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29221)
Compare: https://github.com/openssl/openssl/compare/f6b986420d65...0a2f79a6dd74
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages