wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4439 from SparkiDev/tls13_min_down_no_ext

Browse Source 
TLS 1.3: Check min downgrade when no extensions in ServerHello
This commit is contained in:
David Garske
2021-10-04 16:39:29 -07:00
committed by GitHub
parent 0bee624ee5 4473e9335e
commit 024c59a04c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/tls13.c
View File

@ -3489,6 +3489,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->version.minor = TLSv1_2_MINOR; ssl->version.minor = TLSv1_2_MINOR;
#endif #endif
ssl->options.haveEMS = 0; ssl->options.haveEMS = 0;
if (args->pv.minor < ssl->options.minDowngrade)
return VERSION_ERROR;
#ifndef WOLFSSL_NO_TLS12
return DoServerHello(ssl, input, inOutIdx, helloSz);
#else
return VERSION_ERROR;
#endif
} }
if ((args->idx - args->begin) < helloSz) { if ((args->idx - args->begin) < helloSz) {