author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-01 17:02:00 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-01 17:03:55 +0200 |
commit | 20a98e817713764b9df5306286091df1b61190d9 (patch) | |
tree | 79b918623b0be1550bfa5a4f1f471fa421286b12 | |
parent | 7c5f1955a73778c067786a88a419f337d5d9e5c0 (diff) | |
handshake: check inappropriate fallback against the configured max version
That allows operating on a server which is explicitly configured to
use versions earlier than TLS 1.2.
-rw-r--r-- | lib/gnutls_handshake.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 5c2c64ba24..3a2631f921 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -927,13 +927,13 @@ _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data, /* TLS_FALLBACK_SCSV */ if (data[i] == GNUTLS_FALLBACK_SCSV_MAJOR && data[i + 1] == GNUTLS_FALLBACK_SCSV_MINOR) { + unsigned max = _gnutls_version_max(session); _gnutls_handshake_log ("HSK[%p]: Received fallback CS\n", session); - if (gnutls_protocol_get_version(session) != - GNUTLS_TLS_VERSION_MAX) - return GNUTLS_E_INAPPROPRIATE_FALLBACK; + if (gnutls_protocol_get_version(session) != max) + return gnutls_assert_val(GNUTLS_E_INAPPROPRIATE_FALLBACK); } } |
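Review bot: The new comparison in the TLS_FALLBACK_SCSV branch carries no comment explaining why the negotiated version is checked against the configured maximum instead of the compile-time one, and that is the security-relevant part: downgrade protection now follows the priority string, so a server restricted to older versions accepts a fallback to them by design. A comment above the `if`, such as `/* RFC 7507: reject only when we could have negotiated a higher version; compare with the configured maximum */`, would record that. `max` is declared `unsigned` although it is compared with the result of `gnutls_protocol_get_version()`; `gnutls_protocol_t max = _gnutls_version_max(session);` would keep the types aligned, assuming the helper returns that type (its definition is not shown here). If the helper can return an unknown-version sentinel when no protocol is enabled, every hello carrying the SCSV would be rejected, so that case may deserve an explicit check. The enclosing function and loop start and end outside the hunk.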