aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-11-28 14:18:39 -0500
committerJack Lloyd <[email protected]>2017-11-28 14:18:39 -0500
commitbf59cc53a768cd0ea1deb78a9a75c3bc92d466e6 (patch)
treecf46ecfe41c17d6687e9e148c6cb8a89f827e6f8
parent7ff369a0a26cfd9803d58eeb0206204890779b79 (diff)
Correct version selection logic in TLS server
Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert.
-rw-r--r--src/lib/tls/tls_server.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index f20e363cf..66a0e0e1d 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
pending_state.client_hello(new Client_Hello(contents));
const Protocol_Version client_version = pending_state.client_hello()->version();
+ if(client_version.major_version() < 3)
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3");
+ if(client_version.major_version() == 3 && client_version.minor_version() == 0)
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported");
+
Protocol_Version negotiated_version;
const Protocol_Version latest_supported =