authorJack Lloyd <[email protected]>2019-07-12 08:50:59 -0400
committerJack Lloyd <[email protected]>2019-07-12 08:51:09 -0400
commitb5f3463555f56fb11563e3cec8a1a0d5ecfffe48 (patch)
treeb3f6c84461892cd66987270584e0fc22e46172f2 /src/lib/tls/tls_client.cpp
parent7ce479e51f0d43df600c620c6c6de721809b1546 (diff)
Add TLS v1.3 downgrade indicator
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r--src/lib/tls/tls_client.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 12c95595d..10bd34226 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -309,6 +309,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
"Server replied with non-null compression method");
}
+ if(state.client_hello()->version() > state.server_hello()->version())
+ {
+ if(state.server_hello()->random_signals_downgrade())
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Downgrade attack detected");
+ }
+
auto client_extn = state.client_hello()->extension_types();
auto server_extn = state.server_hello()->extension_types();
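Review bot: The added guard at `if(state.client_hello()->version() > state.server_hello()->version())` has no comment naming the rule it enforces, and its nested `if` is really a single condition. I would put `// RFC 8446 4.1.3: ServerHello random carries a downgrade sentinel; reject it when we offered a higher version` above it and fold the two tests into `if(state.client_hello()->version() > state.server_hello()->version() && state.server_hello()->random_signals_downgrade())`. The comparison appears to use the version field of the ClientHello; a TLS 1.3 hello keeps that field at 1.2 and advertises 1.3 in supported_versions, so if this client later offers 1.3 the guard would presumably stop covering a 1.3-to-1.2 downgrade, and a TODO here would keep that visible. `process_handshake_msg` begins and ends outside this hunk, so whether the server's version was already validated before this point cannot be checked from here.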