Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r-- | src/lib/tls/tls_client.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 12c95595d..10bd34226 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -309,6 +309,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 "Server replied with non-null compression method");
 }
+ if(state.client_hello()->version() > state.server_hello()->version())
+ {
+ if(state.server_hello()->random_signals_downgrade())
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Downgrade attack detected");
+ }
+
 auto client_extn = state.client_hello()->extension_types();
 auto server_extn = state.server_hello()->extension_types();
|
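Review bot: The new downgrade check in `process_handshake_msg` has no comment saying what it enforces, so a reader cannot tell from `random_signals_downgrade()` alone why it is gated on the version comparison. I would add above the outer `if`: `// RFC 8446 4.1.3: the server random carries a downgrade sentinel when the server negotiated below its best version; reject if we offered higher`. The two nested conditions can also be joined with `&&` so the throw sits under a single `if`. `random_signals_downgrade()` is defined outside this hunk, so confirm there which sentinel values it matches (TLS 1.2 versus 1.1 and below), and confirm that the `>` ordering on `version()` also holds for DTLS. The function body starts and ends outside the hunk.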