Don't pad the second ClientHello.

While the previous CL fixed a bug in computing this padding, we don't actually need to pad the second (cleartext) ClientHello anyway. This padding is to work around bugs in old F5 and WebSphere servers, which do not speak TLS 1.3. Save a few bytes. Change-Id: I9b5d9bb1c0d880f1b1c9182667a9d3d82588c04c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47999 Reviewed-by: Adam Langley <agl@google.com>
4 years ago · cd89004847
parent 350fe3bf32
commit cd89004847
1 changed files with 2 additions and 1 deletions
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@ -3318,7 +3318,8 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
  }

  size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
-  if (!SSL_is_dtls(ssl) && !ssl->quic_method) {
+  if (!SSL_is_dtls(ssl) && !ssl->quic_method &&
+      !ssl->s3->used_hello_retry_request) {
    header_len +=
        SSL3_HM_HEADER_LENGTH + 2 + CBB_len(&extensions) + psk_extension_len;
    size_t padding_len = 0;