diff options
author | Leander Schwarz <lschwarz@mozilla.com> | 2022-05-17 10:42:35 +0000 |
---|---|---|
committer | Leander Schwarz <lschwarz@mozilla.com> | 2022-05-17 10:42:35 +0000 |
commit | 8a4c47577fc0faa85539f8d02c27f987d75d51e5 (patch) | |
tree | c9650b788ea0e1c72966592e1248a28945061025 /lib/ssl | |
parent | ba030aa8a1a3457b261bd8e44a62153f804cce72 (diff) | |
download | nss-hg-8a4c47577fc0faa85539f8d02c27f987d75d51e5.tar.gz |
Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D144279
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/ssl3con.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 1ac0a7ea5..27847f0f9 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -8991,9 +8991,15 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length) PR_MIN(ss->clientHelloVersion, SSL_LIBRARY_VERSION_TLS_1_2), PR_TRUE); + /* Send protocol version alert if the ClientHello.legacy_version is not + * supported by the server. + * + * If the "supported_versions" extension is absent and the server only + * supports versions greater than ClientHello.legacy_version, the + * server MUST abort the handshake with a "protocol_version" alert + * [RFC8446, Appendix D.2]. */ if (rv != SECSuccess) { - desc = (ss->clientHelloVersion > SSL_LIBRARY_VERSION_3_0) ? protocol_version - : handshake_failure; + desc = protocol_version; errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } |