authorJack Lloyd <[email protected]>2016-03-17 14:45:42 -0400
committerJack Lloyd <[email protected]>2016-03-17 14:45:42 -0400
commitcf5c88d07b44ad7c6b8702e7afb387fd8c13c3d3 (patch)
tree412ccee68bccde59aa47c037c4d4b85510ed2f09 /src/lib/tls/msg_client_kex.cpp
parentb5d8783fccbd4b6686708fd4f2f84eaada3e8fed (diff)
Client must verify that the server sent an ECC curve which policy accepts.
Otherwise a MITM who can break any supported ECC curve in real time can downgrade us.
Diffstat (limited to 'src/lib/tls/msg_client_kex.cpp')
-rw-r--r--src/lib/tls/msg_client_kex.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 4bec9f3be..d7689df45 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -148,6 +148,12 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
if(name == "")
throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id));
+ if(!policy.allowed_ecc_curve(name))
+ {
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Server sent ECC curve prohibited by policy");
+ }
+
EC_Group group(name);
std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255);