From 15efa424b2b31763a22d364accdd30e03612d5dc Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Tue, 7 Mar 2023 15:19:08 +0000
Subject: [PATCH] crypto/tls: reject change_cipher_spec record after handshake
 in TLS 1.3

https://github.com/golang/go/pull/58912
---
 conn.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conn.go b/conn.go
index 47a60c1..fd92b54 100644
--- a/conn.go
+++ b/conn.go
@@ -762,7 +762,7 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
 		// 5, a server can send a ChangeCipherSpec before its ServerHello, when
 		// c.vers is still unset. That's not useful though and suspicious if the
 		// server then selects a lower protocol version, so don't allow that.
-		if c.vers == VersionTLS13 {
+		if c.vers == VersionTLS13 && !handshakeComplete {
 			return c.retryReadRecord(expectChangeCipherSpec)
 		}
 		if !expectChangeCipherSpec {