diff options
author | Jack Lloyd <[email protected]> | 2016-09-21 07:27:46 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-09-21 07:27:46 -0400 |
commit | 2a32eddeb491b0c18a14c3d1ff9499d6efeae965 (patch) | |
tree | 2eb13f1267f0f4fd5279b1631bd69837274e4ead /src/lib/tls/tls_version.cpp | |
parent | 12483c295d393ffb2e151187a45839ba9e1f489c (diff) |
TLS Server should respect client signature_algorithms. Stricter TLS hello decoding.
If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in
the shared union of the ciphersuite list and the extension, instead of ignoring it.
Found by Juraj Somorovsky GH #619
The TLS v1.2 spec says that clients should only send the signature_algorithms
extension in a hello for that version. Enforce that when decoding client hellos
to prevent this extension from confusing a v1.0 negotiation.
TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension
in the client hello. Prohibit it.
Reorder the TLS extensions in the client hello so there is no chance an empty extension is
the last extension in the list. Some implementations apparently reject such hellos, even
(perhaps especially) when they do not recognize the extension, this bug was mentioned on
the ietf-tls mailing list a while back.
Diffstat (limited to 'src/lib/tls/tls_version.cpp')
0 files changed, 0 insertions, 0 deletions