mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: match compression method alert across versions

Browse Source 
When a pre-TLS 1.3 server processes a client hello message that
indicates compression methods that don't include the null compression
method, send an illegal parameter alert.

Previously we did this for TLS 1.3 server handshakes only, and the
legacy TLS versions used alertHandshakeFailure for this circumstance. By
switching this to alertIllegalParameter we use a consistent alert across
all TLS versions, and can also enable the NoNullCompression-TLS12 BoGo
test we were skipping.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5ce
Reviewed-on: https://go-review.googlesource.com/c/go/+/673736
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
This commit is contained in:
yuhan6665 2025-05-25 15:37:45 -04:00
parent 23391d6c98
commit 5245e84e2b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
handshake_server.go
View File

@ -229,7 +229,7 @@ func (hs *serverHandshakeState) processClientHello() error {
} }
if !foundCompression { if !foundCompression {
c.sendAlert(alertHandshakeFailure) c.sendAlert(alertIllegalParameter)
return errors.New("tls: client does not support uncompressed connections") return errors.New("tls: client does not support uncompressed connections")
} }