Don't be lenient if the client attempts unsafe renego.

This was added in upstream's 82e610e2cfbbb5fd29c09785b6909a91e606f347. The commit message cites draft-ietf-tls-renegotiation which was on draft-ietf-tls-renegotiation-01 at the time. The text in question (6.2 Server Considerations) is no longer in RFC 5746. The RFC now recommends terminating the connection which is much simpler. It also was wrong anyway as it checked s->ctx->options instead of s->options for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. Removing that block will result in the connection being terminated in ssl_scan_clienthello_tlsext. Change-Id: Ie222c78babd3654c5023ad07ac0d8e0adde68698 Reviewed-on: https://boringssl-review.googlesource.com/2235 Reviewed-by: Adam Langley <agl@google.com>
2014-11-01 03:43:48 -04:00 · 2014-11-01 03:43:48 -04:00 · b4188f0c9d
commit b4188f0c9d
parent 6867f4854e
1 changed files with 1 additions and 19 deletions
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@ -1157,25 +1157,7 @@ start:
 		 * now try again to obtain the (application) data we were asked for */
 		goto start;
 		}
-	/* If we are a server and get a client hello when renegotiation isn't
-	 * allowed send back a no renegotiation alert and carry on.
-	 * WARNING: experimental code, needs reviewing (steve)
-	 */
-	if (s->server &&
-		SSL_is_init_finished(s) &&
-    		!s->s3->send_connection_binding &&
-		(s->version > SSL3_VERSION) &&
-		(s->s3->handshake_fragment_len >= 4) &&
-		(s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-		(s->session != NULL) && (s->session->cipher != NULL) &&
-		!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))

-		{
-		/*s->s3->handshake_fragment_len = 0;*/
-		rr->length = 0;
-		ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
-		goto start;
-		}
 	if (s->s3->alert_fragment_len >= 2)
 		{
 		int alert_level = s->s3->alert_fragment[0];