mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: update TLS 1.3 client compression validation

Browse Source 
Unlike in earlier TLS versions, in TLS 1.3 when processing a server
hello the legacy_compression_method MUST have the value 0. It is no
longer a parameter that offers a choice of compression method.

With this in mind, it seems more appropriate to return a decode error
when we encounter a non-zero compression method in a server hello
message. We haven't found a parameter value we reject, we've found
a message that doesn't decode according to its specification.

Making this change also aligns with BoringSSL and allows enabling the
TLS13-HRR-InvalidCompressionMethod bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c4
Reviewed-on: https://go-review.googlesource.com/c/go/+/669156
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This commit is contained in:
yuhan6665 2025-05-10 23:41:59 -04:00
parent ce70d0748e
commit eef41364b3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
handshake_client_tls13.go
View File

@ -197,8 +197,8 @@ func (hs *clientHandshakeStateTLS13) checkServerHelloOrHRR() error {
} }
if hs.serverHello.compressionMethod != compressionNone { if hs.serverHello.compressionMethod != compressionNone {
c.sendAlert(alertIllegalParameter) c.sendAlert(alertDecodeError)
return errors.New("tls: server selected unsupported compression format") return errors.New("tls: server sent non-zero legacy TLS compression method")
} }
selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite) selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite)