Fix downgrading from TLS v1.3 to TLS v1.2

Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2025-08-01 03:34:39 +02:00 · 2018-02-22 11:05:58 +10:00
parent dc4edd0cd9
commit da4024b46a
8 changed files with 141 additions and 32 deletions
--- a/scripts/tls13.test
+++ b/scripts/tls13.test
@@ -373,6 +373,22 @@ if [ $RESULT -eq 0 ]; then
 fi
 echo ""

+# TLS Downgrade server / TLS 1.2 client.
+echo -e "\n\nTLS server downgrading to TLS v1.2"
+port=0
+./examples/server/server -v d -R $ready_file -p $port &
+server_pid=$!
+create_port
+./examples/client/client -v 3 -p $port
+RESULT=$?
+remove_ready_file
+if [ $RESULT -ne 0 ]; then
+    echo -e "\n\nIssue with TLS server downgrading to TLS v1.2"
+    do_cleanup
+    exit 1
+fi
+echo ""
+
 # TLS 1.2 server / TLS 1.3 client.
 echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
 port=0
@@ -389,6 +405,22 @@ if [ $RESULT -eq 0 ]; then
 fi
 echo ""

+# TLS 1.2 server / TLS downgrade client.
+echo -e "\n\nTLS client downgrading to TLS v1.2"
+port=0
+./examples/server/server -v 3 -R $ready_file -p $port &
+server_pid=$!
+create_port
+./examples/client/client -v d -p $port
+RESULT=$?
+remove_ready_file
+if [ $RESULT -ne 0 ]; then
+    echo -e "\n\nIssue with TLS client downgrading to TLS v1.2"
+    do_cleanup
+    exit 1
+fi
+echo ""
+
 # TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data.
 echo -e "\n\nTLS v1.3 KeyUpdate"
 port=0