diff options
author | Matt Caswell <matt@openssl.org> | 2018-08-08 14:21:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-09 10:53:09 +0100 |
commit | 5df2206048d812c493d441701d55f75bdde2995d (patch) | |
tree | af666b3d05406cce1cbe6cb4ba53d75f37241211 | |
parent | f460e8396f8cb1be1bbd6a8a22d7e24b80d8a607 (diff) |
Improve fallback protection
A client that has fallen back could detect an inappropriate fallback if
the TLSv1.3 downgrade protection sentinels are present.
Fixes #6756
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)
-rw-r--r-- | ssl/statem/statem_lib.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 8a7d178a51..74a2ec11de 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1914,6 +1914,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (highver != 0 && s->version != vent->version) continue; + if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0) + highver = vent->version; + method = vent->cmeth(); err = ssl_method_error(s, method); if (err != 0) { |