diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f557d7f40e..8aff191115 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1383,6 +1383,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s", cipher_suite, ciphersuite_info->name)); + break; } if (handshake->ciphersuite_info == NULL) { @@ -1390,6 +1391,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } + p = cipher_suites_end; /* ... * opaque legacy_compression_methods<1..2^8-1>; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c176d0d628..b15fe16f7d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13222,7 +13222,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ +run_test "TLS 1.3: NewSessionTicket: resumption failure, PSK len too big, G->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 0 \ @@ -13231,9 +13231,9 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ -s "=> write NewSessionTicket msg" \ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ + -s "mbedtls_ssl_set_hs_psk() returned" \ -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -s "found pre_shared_key extension" + -S "key exchange mode: psk_ephemeral" requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C