author | Jack Lloyd <[email protected]> | 2019-07-12 08:50:59 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-07-12 08:51:09 -0400 |
commit | b5f3463555f56fb11563e3cec8a1a0d5ecfffe48 (patch) | |
tree | b3f6c84461892cd66987270584e0fc22e46172f2 /src/bogo_shim | |
parent | 7ce479e51f0d43df600c620c6c6de721809b1546 (diff) |
Add TLS v1.3 downgrade indicator
Diffstat (limited to 'src/bogo_shim')
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 1 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index d6ea52025..16da0f9e8 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -104,6 +104,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Client version TLS v1.1 is unacceptable by policy", ":UNSUPPORTED_PROTOCOL:" },
 { "Client: No certificates sent by server", ":DECODE_ERROR:" },
 { "Counterparty sent inconsistent key and sig types", ":WRONG_SIGNATURE_TYPE:" },
+ { "Downgrade attack detected", ":TLS13_DOWNGRADE:" },
 { "Empty ALPN protocol not allowed", ":PARSE_TLSEXT:" },
 { "Encoding error: Cannot encode PSS string, output length too small", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Expected TLS but got a record with DTLS version", ":WRONG_VERSION_NUMBER:" },
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index d43fefb73..afbdd9822 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -27,7 +27,8 @@
 "SupportedVersionSelection-TLS12": "We just ignore the version extension in this case",
- "Downgrade*": "The 1.3 downgrade indicator is not implemented",
+ "Downgrade-*-Client-Ignore": "Not possible to ignore downgrade indicator",
+ "Downgrade-TLS12-*": "Not a downgrade when we don't support v1.3",
 "*SSL3*": "No SSLv3",
 "*SSLv3*": "No SSLv3", |
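Review bot: The `Downgrade-TLS12-*` exclusion added in config.json is only valid while the library's highest supported version is TLS 1.2, and the reason string does not say that the entry must be revisited. That glob presumably covers the case the downgrade indicator exists for, a 1.3-capable peer being pushed down to 1.2, so if the entry is still listed once v1.3 support lands, the most important downgrade check would go unexercised by the BoGo suite. JSON has no comments, so I would carry the condition in the reason string itself, e.g. `"Downgrade-TLS12-*": "Not a downgrade while v1.3 is unsupported; remove this entry when TLS 1.3 is added",`. The `Downgrade-*-Client-Ignore` exclusion looks fine to keep permanently, since it records that the check cannot be switched off.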