From 6ae7f072e3b220b17ca5182226de882d10080f50 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Mon, 26 Jan 2015 10:22:13 -0500
Subject: [PATCH] Only send sigalgs extension in 1.2-capable ClientHellos.

BUG=https://code.google.com/p/webrtc/issues/detail?id=4223
Change-Id: I88eb036fdc6da17bc6a5179df02f35486abe9add
Reviewed-on: https://boringssl-review.googlesource.com/3030
Reviewed-by: Adam Langley
---
 ssl/t1_lib.c | 2 +-
 ssl/test/runner/handshake_server.go | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 64e8ea0c..e26351b5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -913,7 +913,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit,
 }
 }

- if (SSL_USE_SIGALGS(s)) {
+ if (ssl3_version_from_wire(s, s->client_version) >= TLS1_2_VERSION) {
 size_t salglen;
 const uint8_t *salg;
 salglen = tls12_get_psigalgs(s, &salg);
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index b61292e1..1234a578 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -172,6 +172,11 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 }
 c.clientVersion = hs.clientHello.vers

+ // Reject < 1.2 ClientHellos with signature_algorithms.
+ if c.clientVersion < VersionTLS12 && len(hs.clientHello.signatureAndHashes) > 0 {
+ return false, fmt.Errorf("tls: client included signature_algorithms before TLS 1.2")
+ }
+
 c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 if !ok {
 c.sendAlert(alertProtocolVersion)
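Review bot: The new condition in ssl_add_clienthello_tlsext carries no comment explaining why the gate is the client's offered maximum (`s->client_version`) rather than the `SSL_USE_SIGALGS(s)` macro it replaces, and a later cleanup could easily switch it back. I would add something like `/* signature_algorithms is only defined for TLS 1.2+; key off the version offered in this ClientHello, since no version has been negotiated yet. */` above the `if`. The macro's definition is not visible here, so the "not yet negotiated" rationale is inferred from the commit subject and should be confirmed. It is also worth stating in that comment that `ssl3_version_from_wire` is relied on to normalise DTLS wire versions before the `>= TLS1_2_VERSION` comparison, if that is indeed its job. The function body starts and ends outside this hunk.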
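Review bot: The new rejection path in readClientHello returns an error without sending an alert, whereas the version-mismatch branch immediately below calls `c.sendAlert(alertProtocolVersion)` before failing. The client under test will therefore see a bare connection close, which is harder to tell apart from an unrelated transport failure. Consider adding `c.sendAlert(alertIllegalParameter)` before the `return`, assuming the runner's alert set defines that constant. Separately, `len(hs.clientHello.signatureAndHashes) > 0` detects a non-empty list rather than the presence of the extension. If the parser (not shown) accepts an empty signature_algorithms extension, a pre-1.2 hello carrying one would slip past this check, so a presence flag set by the parser would be a stricter oracle.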