From d8f1ea81916a8230d8148fce0219beaf67bd0ba6 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 9 Jun 2012 03:48:30 +0000 Subject: A fix for bug 192. First, when renegotiating in the client, attempt to renegotiate using our currently negotiated version instead of our preferred version. It turns out that neither OpenSSL nor GnuTLS like clients changing the version between negotiations, both send a protocol_version alert. So we probably want to avoid doing that. On the server side, handle a client sending inconsistent versions as best we can. If the client attmepts to renegotiate a session using a later version, return a server hello with their original version (this is what OpenSSL does). If they attempt to renegotiate using an earlier version, send a fatal alert and close the connection, since this seems like a dubious thing to do. Also, fix the situation where we as a TLS v1.0 server (because of configuration) are talking to a TLS v1.2 client. We would still use their signature_algorithms extension and send a SHA-256 (or whatever) signature! --- src/tls/c_kex.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/tls/c_kex.cpp') diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index e687ff98a..2981cbaed 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -295,7 +295,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, } catch(...) { - // Randomize the hide timing channel + // Randomize to hide timing channel pre_master = rng.random_vec(48); pre_master[0] = client_version.major_version(); pre_master[1] = client_version.minor_version(); -- cgit v1.2.3