author | Jack Lloyd <[email protected]> | 2019-07-12 08:50:59 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-07-12 08:51:09 -0400 |
commit | b5f3463555f56fb11563e3cec8a1a0d5ecfffe48 (patch) | |
tree | b3f6c84461892cd66987270584e0fc22e46172f2 /src/lib/tls/tls_client.cpp | |
parent | 7ce479e51f0d43df600c620c6c6de721809b1546 (diff) |
Add TLS v1.3 downgrade indicator
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r-- | src/lib/tls/tls_client.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 12c95595d..10bd34226 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -309,6 +309,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 "Server replied with non-null compression method");
 }
+ if(state.client_hello()->version() > state.server_hello()->version())
+ {
+ if(state.server_hello()->random_signals_downgrade())
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Downgrade attack detected");
+ }
+
 auto client_extn = state.client_hello()->extension_types();
 auto server_extn = state.server_hello()->extension_types();
|
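Review bot: The sentinel check is gated on `state.client_hello()->version() > state.server_hello()->version()`, which is the version this particular hello offered rather than the highest version the client is able to speak. RFC 8446 section 4.1.3 frames the check by what the client supports, so if a caller can offer less than its policy maximum (not visible in this hunk), a hello that offers exactly the version the server picks skips the inspection of the server random entirely; comparing against the policy maximum would close that gap. Independently, the block deserves a comment such as `// RFC 8446 4.1.3: a server that negotiated below its own maximum marks the last 8 bytes of its random; reject if we offered more than we got`. Which sentinel values `random_signals_downgrade()` matches is defined outside this hunk and should be confirmed to cover every version pair this client can hit, and the body of process_handshake_msg starts and ends outside the hunk.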