kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: check that client cipher suite matches version

Browse Source
This commit is contained in:
Peter Wu 2017-09-12 19:52:05 +01:00
parent 998f77009e
commit 857c7243c9
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
handshake_client.go
View File

@ -186,6 +186,12 @@ NextCipherSuite:
c.sendAlert(alertHandshakeFailure) c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an unconfigured cipher suite") return errors.New("tls: server chose an unconfigured cipher suite")
} }
// Check that the chosen cipher suite matches the protocol version.
if c.vers >= VersionTLS13 && suite.flags&suiteTLS13 == 0 ||
c.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an inappropriate cipher suite")
}
hs := &clientHandshakeState{ hs := &clientHandshakeState{
c: c, c: c,