author | lloyd <[email protected]> | 2012-01-06 16:54:21 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-06 16:54:21 +0000 |
commit | 0e3930065b0ad067b04416d4cf582ad6d9b80a3d (patch) | |
tree | 27418d01577cc0377c02bda6f189268bd10e568a /src/tls/tls_channel.cpp | |
parent | ab5ff573a861b3371aa4c9dd2c2fee675a5165a6 (diff) |

The server would incorrectly send a server key exchange message when a
pure RSA ciphersuite was negotiated.

Detection of version rollback attacks with pure RSA ciphersuites was
incorrect and would cause failures if the client supported a version
we didn't (e.g. GnuTLS with TLS 1.2 enabled).

Improve detection of SSLv2 client hellos. In particular, if a client
that only supports SSLv2 connects, we will detect this case and send a
protocol_version alert (which the SSLv2-only client will not
understand, but a packet analyzer probably will) plus an exception
with the message "Client claims to only support SSLv2, rejecting"
instead of the previous much less helpful "Unknown record type"
message.

Remove vestigial support for RSA export ciphersuite key exchange.

Diffstat (limited to 'src/tls/tls_channel.cpp')
-rw-r--r-- | src/tls/tls_channel.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 6d554e425..a19836395 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -49,7 +49,8 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size) buf += consumed; buf_size -= consumed; - BOTAN_ASSERT_IMPLICATAION(needed, buf_size == 0); + BOTAN_ASSERT(buf_size == 0 || needed == 0, + "Got a full record or consumed all input"); if(buf_size == 0 && needed != 0) return needed; // need more data to complete record |
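
Review bot: the new `BOTAN_ASSERT(buf_size == 0 || needed == 0, ...)` in `TLS_Channel::received_data` checks values that come from consuming the caller's input buffer, so please confirm that the record reader can never report `needed != 0` while bytes remain, whatever the peer sends. If that cannot be guaranteed, the case should be rejected as a protocol error rather than left to an assertion. The condition is logically the same as the old implication (needed implies `buf_size == 0`), so the check on the following line, `if(buf_size == 0 && needed != 0)`, is unaffected. None of the four items in the commit message covers this file, so a line saying that the misspelled `BOTAN_ASSERT_IMPLICATAION` call was replaced would make the history easier to follow.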