From 94b0b52f05911bd8cfe579406248c8afe36004d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 15:14:40 +0200
Subject: [PATCH] NPN is unavailable in TLSv1.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
TLSv1.3 does not support NPN; applications can use ALPN instead. This caused
t/npn.t failures when TLSv1.3 was negotiated. This patch disables
TLSv1.3 in the test.
<https://github.com/openssl/openssl/issues/3665>
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/IO/Socket/SSL.pod | 2 +-
t/npn.t | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
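--- a/lib/IO/Socket/SSL.pod
+++ b/lib/IO/Socket/SSL.pod
@@ -1336,7 +1336,7 @@ as an array ref.
 See also method C<next_proto_negotiated>.
 
 Next Protocol Negotiation (NPN) is available with Net::SSLeay 1.46+ and
-openssl-1.0.1+.
+openssl-1.0.1+. NPN is unavailable in TLSv1.3 protocol.
 To check support you might call C<< IO::Socket::SSL->can_npn() >>.
 If you use this option with an unsupported Net::SSLeay/OpenSSL it will
 throw an error.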
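--- a/t/npn.t
+++ b/t/npn.t
@@ -25,6 +25,8 @@ my $addr = '127.0.0.1';
 my $server = IO::Socket::SSL->new(
 LocalAddr => $addr,
 Listen => 2,
+ SSL_version => 'SSLv23:!TLSv1_3', # NPN does not exist in TLSv1.3
+ # https://github.com/openssl/openssl/issues/3665
 SSL_cert_file => 'certs/server-cert.pem',
 SSL_key_file => 'certs/server-key.pem',
 SSL_npn_protocols => [qw(one two)],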
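Review bot: The `SSL_version => 'SSLv23:!TLSv1_3'` cap is added only to the listening socket, and the client constructor lies outside this hunk, so the comment should say why one side is enough: the handshake can only settle on a version both peers allow. A line such as `# server-side cap suffices: the handshake then settles on TLSv1.2 or lower` next to the existing comment would make that explicit. It is also worth confirming that the `!TLSv1_3` token is accepted when the test runs against a Net::SSLeay/OpenSSL build that has no TLSv1.3 at all, since an unrecognised token could presumably make the constructor fail rather than leave the test passing. The `IO::Socket::SSL->new(` call continues past the end of the hunk.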
--
2.14.4