mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: handle client hello version too high

Browse Source 
If the client hello legacy version is >= TLS 1.3, and no
supported_versions extension is sent, negotiate TLS 1.2 or lower when
supported.

On the topic of supported version negotiation RFC 8446 4.2.1 indicates
TLS 1.3 implementations MUST send a supported_versions extension with
a list of their supported protocol versions. The crypto/tls package
enforces this when the client hello legacy version indicates TLS 1.3
(0x0304), aborting the handshake with an alertMissingExtension alert if
no supported_versions were received.

However, section 4.2.1 indicates different behaviour should be used when
the extension is not present and TLS 1.2 or prior are supported:

  If this extension is not present, servers which are compliant with
  this specification and which also support TLS 1.2 MUST negotiate
  TLS 1.2 or prior as specified in [RFC5246], even if
  ClientHello.legacy_version is 0x0304 or later.

This commit updates the client hello processing logic to allow this
behaviour. If no supported_versions extension was received we ignore the
legacy version being >= TLS 1.3 and instead negotiate a lower supported
version if the server configuration allows.

This fix in turn allows enabling the BoGo ClientHelloVersionTooHigh,
MinorVersionTolerance, and MajorVersionTolerance tests.

Updates #72006
Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/671235
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
yuhan6665 2025-05-10 23:50:17 -04:00
parent db7cbf40cc
commit 20f151b00a
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
handshake_server.go
View File

@ -170,7 +170,15 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, *echServer
c.ticketKeys = originalConfig.ticketKeys(configForClient) c.ticketKeys = originalConfig.ticketKeys(configForClient)
clientVersions := clientHello.supportedVersions clientVersions := clientHello.supportedVersions
if len(clientHello.supportedVersions) == 0 { if clientHello.vers >= VersionTLS13 && len(clientVersions) == 0 {
// RFC 8446 4.2.1 indicates when the supported_versions extension is not sent,
// compatible servers MUST negotiate TLS 1.2 or earlier if supported, even
// if the client legacy version is TLS 1.3 or later.
//
// Since we reject empty extensionSupportedVersions in the client hello unmarshal
// finding the supportedVersions empty indicates the extension was not present.
clientVersions = supportedVersionsFromMax(VersionTLS12)
} else if len(clientVersions) == 0 {
clientVersions = supportedVersionsFromMax(clientHello.vers) clientVersions = supportedVersionsFromMax(clientHello.vers)
} }
c.vers, ok = c.config.mutualVersion(roleServer, clientVersions) c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)