cloudflare / tls-tris

crypto/tls, now with 100% more 1.3. THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

Clients MUST check for supported_versions extensions and abort in case it was received on TLS version prior to 1.3 #118

Closed kriskwiatkowski closed 6 years ago

kriskwiatkowski commented 6 years ago

Current code

handshake_messages.go:
...
    svData := findExtension(data, extensionSupportedVersions)
    if svData != nil {
        if len(svData) != 2 {
            return alertDecodeError
        }
        if m.vers != VersionTLS12 {
            return alertDecodeError
        }
        m.vers = uint16(svData[0])<<8 | uint16(svData[1])
    }

As per 4.2.1, if svData is < 0x0304, the client MUST abort with illegal_parameter (as the server has negotiated TLS 1.2 or older, in which case it MUST NOT send back the supportedVersions extension).
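The version check the issue asks for, written out as an added example; this is not code from tls-tris or from the issue author. `findExtension`, `negotiatedVersion`, `buildExtension`, the `alert` type and the constants are all defined here and only mirror the snippet's naming. Beyond the single case in the issue (selected version below 0x0304), it also applies the companion rule from the same section of RFC 8446: a selected version the client never offered is likewise rejected with illegal_parameter.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Protocol constants from RFC 8446; the names are chosen here and are not
// taken from tls-tris.
const (
	VersionTLS12 uint16 = 0x0303
	VersionTLS13 uint16 = 0x0304

	extensionSupportedVersions uint16 = 43
)

// alert models a TLS alert description (RFC 8446, section 6.2).
type alert uint8

const (
	alertIllegalParameter alert = 47
	alertDecodeError      alert = 50
)

func (a alert) Error() string { return fmt.Sprintf("tls: alert(%d)", uint8(a)) }

// findExtension walks a ServerHello extensions list (the bytes after the
// 2-byte list length) and returns the body of extType, or nil if absent.
func findExtension(exts []byte, extType uint16) ([]byte, error) {
	for len(exts) > 0 {
		if len(exts) < 4 {
			return nil, alertDecodeError
		}
		typ := binary.BigEndian.Uint16(exts)
		n := int(binary.BigEndian.Uint16(exts[2:]))
		exts = exts[4:]
		if len(exts) < n {
			return nil, alertDecodeError
		}
		if typ == extType {
			return exts[:n], nil
		}
		exts = exts[n:]
	}
	return nil, nil
}

// negotiatedVersion applies RFC 8446 section 4.2.1 to a ServerHello. Without
// supported_versions the server chose legacyVersion (TLS 1.2 or older). With
// it, the selected version must be one the client offered and must be TLS 1.3
// or later; anything else is illegal_parameter, because a server that
// negotiated 1.2 or older MUST NOT send the extension at all.
func negotiatedVersion(legacyVersion uint16, exts []byte, offered []uint16) (uint16, error) {
	svData, err := findExtension(exts, extensionSupportedVersions)
	if err != nil {
		return 0, err
	}
	if svData == nil {
		return legacyVersion, nil
	}
	if len(svData) != 2 {
		return 0, alertDecodeError
	}
	if legacyVersion != VersionTLS12 {
		// A TLS 1.3 server pins legacy_version to 0x0303; the posted snippet
		// treats a mismatch as decode_error, and this keeps that behaviour.
		return 0, alertDecodeError
	}
	selected := binary.BigEndian.Uint16(svData)
	if selected < VersionTLS13 {
		return 0, alertIllegalParameter // the check the issue reports as missing
	}
	for _, v := range offered {
		if v == selected {
			return selected, nil
		}
	}
	return 0, alertIllegalParameter // a version the client never offered
}

// buildExtension encodes one extension (type, length, body) for the samples.
func buildExtension(extType uint16, body []byte) []byte {
	out := make([]byte, 4+len(body))
	binary.BigEndian.PutUint16(out, extType)
	binary.BigEndian.PutUint16(out[2:], uint16(len(body)))
	copy(out[4:], body)
	return out
}

func main() {
	offered := []uint16{VersionTLS13, VersionTLS12}
	// Constructed samples: a correct TLS 1.3 ServerHello extension and the
	// downgraded one the issue describes (extension present but carrying 0x0303).
	good := buildExtension(extensionSupportedVersions, []byte{0x03, 0x04})
	bad := buildExtension(extensionSupportedVersions, []byte{0x03, 0x03})
	for _, exts := range [][]byte{good, bad, nil} {
		v, err := negotiatedVersion(VersionTLS12, exts, offered)
		fmt.Printf("version=%#04x err=%v\n", v, err)
	}
}
```

Returning the alert as the error lets the caller map it straight onto the alert record it sends before closing; the absent-extension path deliberately returns the legacy version unchanged, since that is the only case in which a pre-1.3 server is allowed to be speaking.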