external/boringssl: Sync to 9c969bf4919e82c7fa8e1d32d0c7c81654027683.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/8625ec4b436ccb4098ed4aac10891eff8372be41..9c969bf4919e82c7fa8e1d32d0c7c81654027683
Test: BoringSSL CTS Presubmits
Change-Id: I1da35d99383d154945bbd60b9fbad5e21ed9d161
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 0159c9e..f0ed0d8 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -702,15 +702,17 @@
return ssl_hs_error;
}
- // Implement the TLS 1.3 anti-downgrade feature, but with a different value.
- //
- // For draft TLS 1.3 versions, it is not safe to deploy this feature. However,
- // some TLS terminators are non-compliant and copy the origin server's value,
- // so we wish to measure eventual compatibility impact.
- if (hs->max_version >= TLS1_3_VERSION) {
- OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
- sizeof(kDraftDowngradeRandom),
- kDraftDowngradeRandom, sizeof(kDraftDowngradeRandom));
+ // Implement the TLS 1.3 anti-downgrade feature.
+ if (ssl_supports_version(hs, TLS1_3_VERSION)) {
+ if (ssl_protocol_version(ssl) == TLS1_2_VERSION) {
+ OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
+ sizeof(kTLS13DowngradeRandom),
+ kTLS13DowngradeRandom, sizeof(kTLS13DowngradeRandom));
+ } else {
+ OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
+ sizeof(kTLS12DowngradeRandom),
+ kTLS12DowngradeRandom, sizeof(kTLS12DowngradeRandom));
+ }
}
const SSL_SESSION *session = hs->new_session.get();