Correct version selection logic in TLS server

Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert.
author: Jack Lloyd <[email protected]> 2017-11-28 14:18:39 -0500
committer: Jack Lloyd <[email protected]> 2017-11-28 14:18:39 -0500
commit: bf59cc53a768cd0ea1deb78a9a75c3bc92d466e6 (patch)
tree: cf46ecfe41c17d6687e9e148c6cb8a89f827e6f8 /src
parent: 7ff369a0a26cfd9803d58eeb0206204890779b79 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index f20e363cf..66a0e0e1d 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
    pending_state.client_hello(new Client_Hello(contents));
    const Protocol_Version client_version = pending_state.client_hello()->version();
 
+   if(client_version.major_version() < 3)
+      throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3");
+   if(client_version.major_version() == 3 && client_version.minor_version() == 0)
+      throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported");
+
    Protocol_Version negotiated_version;
 
    const Protocol_Version latest_supported =
author	Jack Lloyd <[email protected]>	2017-11-28 14:18:39 -0500
committer	Jack Lloyd <[email protected]>	2017-11-28 14:18:39 -0500
commit	bf59cc53a768cd0ea1deb78a9a75c3bc92d466e6 (patch)
tree	cf46ecfe41c17d6687e9e148c6cb8a89f827e6f8 /src
parent	7ff369a0a26cfd9803d58eeb0206204890779b79 (diff)