mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: reject change_cipher_spec record after handshake in TLS 1.3

Browse Source 
https://github.com/golang/go/pull/58912
This commit is contained in:
RPRX 2023-03-07 15:19:08 +00:00 committed by GitHub
parent 6f8fa90c03
commit 15efa424b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conn.go
View File

@ -762,7 +762,7 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
// 5, a server can send a ChangeCipherSpec before its ServerHello, when // 5, a server can send a ChangeCipherSpec before its ServerHello, when
// c.vers is still unset. That's not useful though and suspicious if the // c.vers is still unset. That's not useful though and suspicious if the
// server then selects a lower protocol version, so don't allow that. // server then selects a lower protocol version, so don't allow that.
if c.vers == VersionTLS13 { if c.vers == VersionTLS13 && !handshakeComplete {
return c.retryReadRecord(expectChangeCipherSpec) return c.retryReadRecord(expectChangeCipherSpec)
} }
if !expectChangeCipherSpec { if !expectChangeCipherSpec {