diff options
author | Jack Lloyd <[email protected]> | 2017-11-28 14:18:39 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-28 14:18:39 -0500 |
commit | bf59cc53a768cd0ea1deb78a9a75c3bc92d466e6 (patch) | |
tree | cf46ecfe41c17d6687e9e148c6cb8a89f827e6f8 | |
parent | 7ff369a0a26cfd9803d58eeb0206204890779b79 (diff) |
Correct version selection logic in TLS server
Due to an oversight in the logic, previously a client attempt to
negotiate SSLv3 would result in the server trying to negotiate
TLS v1.2. Now instead they get a protocol_error alert.
Similarly, detect the the (invalid) case of a major number <= 2,
which does not coorespond to any real TLS version. The server
would again reply as a TLS v1.2 server in that case, and now
just closes the connection with an alert.
-rw-r--r-- | src/lib/tls/tls_server.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index f20e363cf..66a0e0e1d 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, pending_state.client_hello(new Client_Hello(contents)); const Protocol_Version client_version = pending_state.client_hello()->version(); + if(client_version.major_version() < 3) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3"); + if(client_version.major_version() == 3 && client_version.minor_version() == 0) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported"); + Protocol_Version negotiated_version; const Protocol_Version latest_supported = |