Only send sigalgs extension in 1.2-capable ClientHellos.

BUG=https://code.google.com/p/webrtc/issues/detail?id=4223 Change-Id: I88eb036fdc6da17bc6a5179df02f35486abe9add Reviewed-on: https://boringssl-review.googlesource.com/3030 Reviewed-by: Adam Langley <agl@google.com>
2015-01-26 10:22:13 -05:00 · 2015-01-26 10:22:13 -05:00 · 6ae7f072e3
commit 6ae7f072e3
parent 4189bd943c
2 changed files with 6 additions and 1 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -913,7 +913,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit,
    }
  }

-  if (SSL_USE_SIGALGS(s)) {
+  if (ssl3_version_from_wire(s, s->client_version) >= TLS1_2_VERSION) {
    size_t salglen;
    const uint8_t *salg;
    salglen = tls12_get_psigalgs(s, &salg);
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@ -172,6 +172,11 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 	}
 	c.clientVersion = hs.clientHello.vers

+	// Reject < 1.2 ClientHellos with signature_algorithms.
+	if c.clientVersion < VersionTLS12 && len(hs.clientHello.signatureAndHashes) > 0 {
+		return false, fmt.Errorf("tls: client included signature_algorithms before TLS 1.2")
+	}
+
 	c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)