Don't allow reconnect during handshake Especially for resumed handshake, it's entirely possible for an epoch=0 ClientHello to be retransmitted or arrive so late that the server is already at epoch=1. There is no good way to detect whether it's that or a reconnect. However: - a late ClientHello seems more likely that client going down and then up again in the middle of a handshake - even if that's the case, we'll time out on that handshake soon enough - we don't want to break handshake flows that used to work So the safest option is to not treat that as a reconnect.

commit: ea5370d4a2df4956b32f66007c820e4578328094 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Sep 15 15:11:28 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Sep 15 15:17:54 2015 +0200
tree: f0a989b1382599b6c1a6bf24f638377ef58fc23c
parent: 6ad23b98552ebf1f123fe52172a65700aac1610a [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2abd18b..463a6b1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3542,6 +3542,7 @@
              * fact that the record header len is 13 instead.
              */
             if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+                ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
                 rec_epoch == 0 &&
                 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
                 ssl->in_left > 13 &&
commit	ea5370d4a2df4956b32f66007c820e4578328094	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Sep 15 15:11:28 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Sep 15 15:17:54 2015 +0200
tree	f0a989b1382599b6c1a6bf24f638377ef58fc23c
parent	6ad23b98552ebf1f123fe52172a65700aac1610a [diff] [blame]