From 22777bcc542deb15bdfbe2bbce0e4480416661db Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Thu, 23 Aug 2012 16:44:44 -0400
Subject: [PATCH] crypto/tls: return better error message in the case of an
 SSLv2 handshake.

Update #3930
Return a better error message in this situation.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6474055
---
 conn.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/conn.go b/conn.go
index 2a5115d..455910a 100644
--- a/conn.go
+++ b/conn.go
@@ -487,6 +487,16 @@ Again:
 		return err
 	}
 	typ := recordType(b.data[0])
+
+	// No valid TLS record has a type of 0x80, however SSLv2 handshakes
+	// start with a uint16 length where the MSB is set and the first record
+	// is always < 256 bytes long. Therefore typ == 0x80 strongly suggests
+	// an SSLv2 client.
+	if want == recordTypeHandshake && typ == 0x80 {
+		c.sendAlert(alertProtocolVersion)
+		return errors.New("tls: unsupported SSLv2 handshake received")
+	}
+
 	vers := uint16(b.data[1])<<8 | uint16(b.data[2])
 	n := int(b.data[3])<<8 | int(b.data[4])
 	if c.haveVers && vers != c.vers {