From 800ed8df42f692d55a629b2d5a21a3c3779943fa Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Sat, 25 Jan 2020 14:23:28 +0000 Subject: Only perform the downgrade check if our max version is less than TLSv1.3. Issue noticed by kn@ when talking to a TLSv1.3 capable mail server, but with smtpd capping max version to TLSv1.2. ok beck@ --- lib/libssl/tls13_client.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'lib/libssl') diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 737a1015a56..fb21b54621e 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.33 2020/01/25 09:20:56 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.34 2020/01/25 14:23:27 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -288,20 +288,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; if (tls13_server_hello_is_legacy(cbs)) { - /* - * RFC 8446 section 4.1.3, We must not downgrade if - * the server random value contains the TLS 1.2 or 1.1 - * magical value. - */ - if (!CBS_skip(&server_random, CBS_len(&server_random) - - sizeof(tls13_downgrade_12))) - goto err; - if (CBS_mem_equal(&server_random, tls13_downgrade_12, - sizeof(tls13_downgrade_12)) || - CBS_mem_equal(&server_random, tls13_downgrade_11, - sizeof(tls13_downgrade_11))) { - ctx->alert = SSL_AD_ILLEGAL_PARAMETER; - goto err; + if (ctx->hs->max_version >= TLS1_3_VERSION) { + /* + * RFC 8446 section 4.1.3, We must not downgrade if + * the server random value contains the TLS 1.2 or 1.1 + * magical value. + */ + if (!CBS_skip(&server_random, CBS_len(&server_random) - + sizeof(tls13_downgrade_12))) + goto err; + if (CBS_mem_equal(&server_random, tls13_downgrade_12, + sizeof(tls13_downgrade_12)) || + CBS_mem_equal(&server_random, tls13_downgrade_11, + sizeof(tls13_downgrade_11))) { + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; + goto err; + } } if (!CBS_skip(cbs, CBS_len(cbs))) -- cgit v1.2.3