Test that switching versions on renego is illegal.
We handle this correctly but never wrote a test for it. Noticed this in chatting about the second ClientHello.version bug workaround with Eric Rescorla. Change-Id: I09bc6c995d07c0f2c9936031b52c3c639ed3695e Reviewed-on: https://boringssl-review.googlesource.com/9154 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin
CQ bot account: commit-bot@chromium.org
parent
2f8ea545a6
commit
e7e36aae25
@ -606,6 +606,10 @@ type ProtocolBugs struct {
|
|||||||
// peer.
|
// peer.
|
||||||
NegotiateVersion uint16
|
NegotiateVersion uint16
|
||||||
|
|
||||||
|
// NegotiateVersionOnRenego, if non-zero, causes the server to negotiate
|
||||||
|
// the specified TLS version on renegotiation rather than retaining it.
|
||||||
|
NegotiateVersionOnRenego uint16
|
||||||
|
|
||||||
// ExpectFalseStart causes the server to, on full handshakes,
|
// ExpectFalseStart causes the server to, on full handshakes,
|
||||||
// expect the peer to False Start; the server Finished message
|
// expect the peer to False Start; the server Finished message
|
||||||
// isn't sent until we receive an application data record
|
// isn't sent until we receive an application data record
|
||||||
|
|||||||
@ -222,6 +222,8 @@ func (hs *serverHandshakeState) readClientHello() error {
|
|||||||
|
|
||||||
if config.Bugs.NegotiateVersion != 0 {
|
if config.Bugs.NegotiateVersion != 0 {
|
||||||
c.vers = config.Bugs.NegotiateVersion
|
c.vers = config.Bugs.NegotiateVersion
|
||||||
|
} else if c.haveVers && config.Bugs.NegotiateVersionOnRenego != 0 {
|
||||||
|
c.vers = config.Bugs.NegotiateVersionOnRenego
|
||||||
} else {
|
} else {
|
||||||
c.vers, ok = config.mutualVersion(hs.clientHello.vers, c.isDTLS)
|
c.vers, ok = config.mutualVersion(hs.clientHello.vers, c.isDTLS)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|||||||
@ -5026,6 +5026,9 @@ func addRenegotiationTests() {
|
|||||||
"-expect-total-renegotiations", "1",
|
"-expect-total-renegotiations", "1",
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Test that the server may switch ciphers on renegotiation without
|
||||||
|
// problems.
|
||||||
testCases = append(testCases, testCase{
|
testCases = append(testCases, testCase{
|
||||||
name: "Renegotiate-Client-SwitchCiphers",
|
name: "Renegotiate-Client-SwitchCiphers",
|
||||||
renegotiate: 1,
|
renegotiate: 1,
|
||||||
@ -5052,6 +5055,27 @@ func addRenegotiationTests() {
|
|||||||
"-expect-total-renegotiations", "1",
|
"-expect-total-renegotiations", "1",
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Test that the server may not switch versions on renegotiation.
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
name: "Renegotiate-Client-SwitchVersion",
|
||||||
|
config: Config{
|
||||||
|
MaxVersion: VersionTLS12,
|
||||||
|
// Pick a cipher which exists at both versions.
|
||||||
|
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
NegotiateVersionOnRenego: VersionTLS11,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
renegotiate: 1,
|
||||||
|
flags: []string{
|
||||||
|
"-renegotiate-freely",
|
||||||
|
"-expect-total-renegotiations", "1",
|
||||||
|
},
|
||||||
|
shouldFail: true,
|
||||||
|
expectedError: ":WRONG_SSL_VERSION:",
|
||||||
|
})
|
||||||
|
|
||||||
testCases = append(testCases, testCase{
|
testCases = append(testCases, testCase{
|
||||||
name: "Renegotiate-SameClientVersion",
|
name: "Renegotiate-SameClientVersion",
|
||||||
renegotiate: 1,
|
renegotiate: 1,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user