crypto/tls: return better error message in the case of an SSLv2 handshake.

Update #3930
Return a better error message in this situation.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6474055
agl committed Aug 23, 2012
1 parent 6cf77f2 commit 0a115d7
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/pkg/crypto/tls/conn.go
Expand Up @@ -487,6 +487,16 @@ Again:
return err
}
typ := recordType(b.data[0])

// No valid TLS record has a type of 0x80, however SSLv2 handshakes
// start with a uint16 length where the MSB is set and the first record
// is always < 256 bytes long. Therefore typ == 0x80 strongly suggests
// an SSLv2 client.
if want == recordTypeHandshake && typ == 0x80 {
c.sendAlert(alertProtocolVersion)
return errors.New("tls: unsupported SSLv2 handshake received")
}

vers := uint16(b.data[1])<<8 | uint16(b.data[2])
n := int(b.data[3])<<8 | int(b.data[4])
if c.haveVers && vers != c.vers {
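
Review bot: the new check compares typ against the bare literal 0x80, so it only fires when the first byte is exactly 0x80, which is the "first record is always < 256 bytes" case the comment describes. A first byte of 0x81 or higher would skip this branch and fall through to the vers/n parsing below, producing the old, less helpful error. If exact-match is intended, the comment should say that larger first records are deliberately not covered. Otherwise consider a named constant for the value so the reason for the match is visible at the comparison. The change touches only conn.go, so a test that feeds a record starting with 0x80 while want == recordTypeHandshake and asserts on the "tls: unsupported SSLv2 handshake received" error would pin the behaviour down.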