Commit 5df22060 authored Aug 08, 2018 by Matt Caswell

Improve fallback protection



A client that has fallen back could detect an inappropriate fallback if
the TLSv1.3 downgrade protection sentinels are present.

Fixes #6756

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)

parent f460e839

ssl/statem/statem_lib.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1914,6 +1914,9 @@ int ssl_choose_client_version(SSL s, int version, RAW_EXTENSION extensions)
		if (highver != 0 && s->version != vent->version)
		continue;

		if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0)
		highver = vent->version;

		method = vent->cmeth();
		err = ssl_method_error(s, method);
		if (err != 0) {