crypto/tls: enforce 1.3 record version semantics

1.3 expects the record version is always 1.2 (0x0303), this previously wasn't enforced. Change-Id: I8bc88f588e76f9b862b57601336bb5c5ff08b30e Reviewed-on: https://go-review.googlesource.com/c/go/+/485876 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
2025-08-22 14:38:35 +00:00 · 2023-10-14 03:58:07 -04:00 · 2023-10-14 03:58:07 -04:00 · 9a462df048
commit 9a462df048
parent 66bea8caa4
1 changed files with 8 additions and 2 deletions
--- a/conn.go
+++ b/conn.go
@ -674,10 +674,16 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
 	}

 	vers := uint16(hdr[1])<<8 | uint16(hdr[2])
+	expectedVers := c.vers
+	if expectedVers == VersionTLS13 {
+		// All TLS 1.3 records are expected to have 0x0303 (1.2) after
+		// the initial hello (RFC 8446 Section 5.1).
+		expectedVers = VersionTLS12
+	}
 	n := int(hdr[3])<<8 | int(hdr[4])
-	if c.haveVers && c.vers != VersionTLS13 && vers != c.vers {
+	if c.haveVers && vers != expectedVers {
 		c.sendAlert(alertProtocolVersion)
-		msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
+		msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, expectedVers)
 		return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg))
 	}
 	if !c.haveVers {