Skip to content

refactor: remove conn->client_hello_version #5278

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
May 8, 2025
Merged

refactor: remove conn->client_hello_version #5278

merged 7 commits into from
May 8, 2025

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Apr 30, 2025
edited
Loading

Release Summary:

Description of changes:

While poking around at the SSLv2 logic, I was very frustrated by our protocol version handling.

We have several closely related fields:

  • conn->client_hello.sslv2: indicates whether the ClientHello was an SSLv2 ClientHello message instead of the standard TLS record + TLS ClientHello handshake message.
  • conn->client_hello.legacy_version: represents the legacy version as written in the ClientHello.
  • conn->client_hello_version: If client_hello.sslv2, then always "S2N_SSLv2", even though client_hello.legacy_version != S2N_SSLv2. If not client_hello.sslv2, then MIN(client_hello.legacy_version, S2N_TLS12). So it's both a duplicate, and a very confusing duplicate.

When we use conn->client_hello_version, we generally actually want conn->client_hello.sslv2, conn->client_hello.legacy_version, or even conn->client_protocol_version. I went through and replaced client_hello_version with the more accurate values.

Testing:

Existing tests pass, including the sslv2 integration test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Apr 30, 2025
@lrstewart lrstewart force-pushed the ch_version_cleanup branch from cdf8018 to 88b2b00 Compare April 30, 2025 18:53
@lrstewart lrstewart marked this pull request as ready for review April 30, 2025 20:27
maddeleine
maddeleine reviewed Apr 30, 2025
View reviewed changes
goatgoose
goatgoose approved these changes May 1, 2025
View reviewed changes
@lrstewart lrstewart requested a review from maddeleine May 2, 2025 03:25
maddeleine
maddeleine reviewed May 2, 2025
View reviewed changes
@lrstewart lrstewart requested a review from maddeleine May 7, 2025 05:31
@lrstewart lrstewart requested a review from maddeleine May 7, 2025 21:56
@lrstewart lrstewart added this pull request to the merge queue May 8, 2025
Merged via the queue into aws:main with commit f61ba2b May 8, 2025
46 of 47 checks passed
@lrstewart lrstewart deleted the ch_version_cleanup branch May 8, 2025 19:44
dougch pushed a commit to dougch/s2n-tls that referenced this pull request May 9, 2025
@lrstewart @goatgoose @dougch
refactor: remove conn->client_hello_version (aws#5278)
9bb58d4 
Co-authored-by: Sam Clark <[email protected]>
@BrewTestBot BrewTestBot mentioned this pull request May 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@maddeleine maddeleine maddeleine approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrstewart @goatgoose @maddeleine