If the server offers us a SCSV instead of a real ciphersuite send a fatal alert

3 files changed, 17 insertions, 0 deletions

diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index e8c551b01..4c9b204a6 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -55,6 +55,12 @@ Ciphersuite Ciphersuite::by_name(const std::string& name)
    return Ciphersuite(); // some unknown ciphersuite
    }
 
+bool Ciphersuite::is_scsv(u16bit suite)
+   {
+   // TODO: derive from IANA file in script
+   return (suite == 0x00FF || suite == 0x5600);
+   }
+
 Ciphersuite::Ciphersuite(u16bit ciphersuite_code,
                          const char* sig_algo,
                          const char* kex_algo,
diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h
index 865e66abb..f6f1f35f8 100644
--- a/src/lib/tls/tls_ciphersuite.h
+++ b/src/lib/tls/tls_ciphersuite.h
@@ -30,6 +30,11 @@ class BOTAN_DLL Ciphersuite
       static Ciphersuite by_id(u16bit suite);
 
       /**
+      * Returns true iff this suite is a known SCSV
+      */
+      static bool is_scsv(u16bit suite);
+
+      /**
       * Lookup a ciphersuite by name
       * @param name the name (eg TLS_RSA_WITH_RC4_128_SHA)
       * @return ciphersuite object
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 029aa00c4..6c17409a7 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -202,6 +202,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
                              "Server replied with ciphersuite we didn't send");
          }
 
+      if(Ciphersuite::is_scsv(state.server_hello()->ciphersuite()))
+         {
+         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+                             "Server replied with a signaling ciphersuite");
+         }
+
       if(!value_exists(state.client_hello()->compression_methods(),
                        state.server_hello()->compression_method()))
          {