crypto/tls: check that client cipher suite matches version

Peter Wu 2017-09-12 19:52:05 +01:00
parent 998f77009e
commit 857c7243c9


@ -186,6 +186,12 @@ NextCipherSuite:
c.sendAlert(alertHandshakeFailure) c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an unconfigured cipher suite") return errors.New("tls: server chose an unconfigured cipher suite")
} }
// Check that the chosen cipher suite matches the protocol version.
if c.vers >= VersionTLS13 && suite.flags&suiteTLS13 == 0 ||
c.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an inappropriate cipher suite")
}
hs := &clientHandshakeState{ hs := &clientHandshakeState{
c: c, c: c,