From b4188f0c9dc835b4ecc5812f818f5da064460ab1 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sat, 1 Nov 2014 03:43:48 -0400
Subject: [PATCH] Don't be lenient if the client attempts unsafe renego.

This was added in upstream's 82e610e2cfbbb5fd29c09785b6909a91e606f347. The commit message cites draft-ietf-tls-renegotiation which was on draft-ietf-tls-renegotiation-01 at the time. The text in question (6.2 Server Considerations) is no longer in RFC 5746. The RFC now recommends terminating the connection which is much simpler. It also was wrong anyway as it checked s->ctx->options instead of s->options for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. Removing that block will result in the connection being terminated in ssl_scan_clienthello_tlsext.

Change-Id: Ie222c78babd3654c5023ad07ac0d8e0adde68698
Reviewed-on: https://boringssl-review.googlesource.com/2235
Reviewed-by: Adam Langley
---
 ssl/s3_pkt.c | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 28da7f4c..bfe27cc6 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1157,25 +1157,7 @@ start:
 * now try again to obtain the (application) data we were asked for */
 goto start;
 }
- /* If we are a server and get a client hello when renegotiation isn't
- * allowed send back a no renegotiation alert and carry on.
- * WARNING: experimental code, needs reviewing (steve)
- */
- if (s->server &&
- SSL_is_init_finished(s) &&
- !s->s3->send_connection_binding &&
- (s->version > SSL3_VERSION) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-
- {
- /*s->s3->handshake_fragment_len = 0;*/
- rr->length = 0;
- ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
- goto start;
- }
+
 if (s->s3->alert_fragment_len >= 2)
 {
 int alert_level = s->s3->alert_fragment[0];