diff options
author | Matt Caswell <matt@openssl.org> | 2017-11-09 16:03:40 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
commit | 6f40214f68d06820304e6f9a4c60099a1fbce10c (patch) | |
tree | d10753086195f071f860f99b4c550ac009ea226a /ssl | |
parent | 597c51bc980ba6d7470dd8de747ac12a6c7a442b (diff) | |
download | openssl-6f40214f68d06820304e6f9a4c60099a1fbce10c.tar.gz |
Fix an HRR bug
Ensure that after an HRR we can only negotiate TLSv1.3
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_lib.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c38c1337b5..d64ddffffd 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1655,6 +1655,10 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions]; + /* If we did an HRR then supported versions is mandatory */ + if (!suppversions->present && s->hello_retry_request) + return SSL_R_UNSUPPORTED_PROTOCOL; + if (suppversions->present && !SSL_IS_DTLS(s)) { unsigned int candidate_vers = 0; unsigned int best_vers = 0; @@ -1699,10 +1703,10 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) } if (best_vers > 0) { - if (SSL_IS_TLS13(s)) { + if (s->hello_retry_request) { /* - * We get here if this is after a HelloRetryRequest. In this - * case we just check that we still negotiated TLSv1.3 + * This is after a HelloRetryRequest so we better check that we + * negotiated TLSv1.3 */ if (best_vers != TLS1_3_VERSION) return SSL_R_UNSUPPORTED_PROTOCOL; |