Diffstat (limited to 'src/PORTING.md')
-rw-r--r-- | src/PORTING.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/PORTING.md b/src/PORTING.md index ca9f6a44..e2fdb3a5 100644 --- a/src/PORTING.md +++ b/src/PORTING.md @@ -130,6 +130,17 @@ Things which do not work: * If a HelloRequest is received while `SSL_write` has unsent application data, the renegotiation is rejected. +* Renegotiation does not participate in session resumption. The client will + not offer a session on renegotiation or resume any session established by a + renegotiation handshake. + +* The server may not change its certificate in the renegotiation. This mitigates + the [triple handshake attack](https://mitls.org/pages/attacks/3SHAKE). Any new + stapled OCSP response and SCT list will be ignored. As no authentication state + may change, BoringSSL will not re-verify the certificate on a renegotiation. + Callbacks such as `SSL_CTX_set_custom_verify` will only run on the initial + handshake. + ### Lowercase hexadecimal BoringSSL's `BN_bn2hex` function uses lowercase hexadecimal digits instead of |
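Review bot: The second added bullet says "The server may not change its certificate in the renegotiation" but does not say what the client does when the server presents a different one. The next sentence is explicit that a new stapled OCSP response and SCT list "will be ignored"; the certificate case should be equally explicit, for example by stating whether the handshake fails, since a silently ignored certificate and a rejected one are very different outcomes for someone porting code. In the last sentence, `SSL_CTX_set_custom_verify` is the function that installs the callback rather than the callback itself, so wording such as "Callbacks installed with `SSL_CTX_set_custom_verify` will only run on the initial handshake" would be more precise. It may also be worth saying in the first bullet whether a session established by a renegotiation is simply never cached or is cached but never offered, because the current text only describes what the client will not do with it.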