path: root/src/lib/tls/tls_client.cpp
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r--src/lib/tls/tls_client.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 12c95595d..10bd34226 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -309,6 +309,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
"Server replied with non-null compression method");
}
+ if(state.client_hello()->version() > state.server_hello()->version())
+ {
+ if(state.server_hello()->random_signals_downgrade())
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Downgrade attack detected");
+ }
+
auto client_extn = state.client_hello()->extension_types();
auto server_extn = state.server_hello()->extension_types();
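Review bot: The guard on the first added line keys the sentinel check on `state.client_hello()->version()`, so the protection only holds if that value is the highest version this client is willing to negotiate rather than a version it lowered for a fallback retry. If a caller can re-offer a lower version after a failed handshake, the comparison would come out equal and `random_signals_downgrade()` would never be consulted; it is worth confirming which of the two `version()` returns here, and comparing against the policy's latest supported version if it is the latter. The block also has no comment saying what it defends against; something like `// Server random carries a downgrade sentinel (RFC 8446 4.1.3) when the server supports a newer version than the one it selected` above the `if` would help, presumably matching what `random_signals_downgrade()` inspects, which is not visible in this hunk. The two nested conditions could be joined with `&&` to drop one brace level. `process_handshake_msg` starts and continues outside the hunk.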