crypto/tls: Server can specify an unadvertised cipher suite #13174
CC @agl
CL https://golang.org/cl/16698 mentions this issue.
FiloSottile pushed a commit to FiloSottile/go that referenced this issue on Oct 12, 2018:
During the TLS handshake, check the cipher suite the server selects is one of those offered in the ClientHello. The code was checking it was in the larger list that was sometimes whittled down for the ClientHello.
Fixes golang#13174
Change-Id: Iad8eebbcfa5027f30403b9700c43cfa949e135bb
Reviewed-on: https://go-review.googlesource.com/16698
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
crypto/tls/handshake_client.go has clientHandshake() that whittles c.config.cipherSuites() down to those in cipherSuites that aren't TLS1.2 suites unless we're doing a TLS1.2 ClientHello. Assume we're not doing TLS1.2. This cut-down list goes to the server in the ClientHello and it sends back the one to use. We check that it's in c.config.cipherSuites() or else send an Alert back, but that's the original list and so allows the server to specify a suite that was omitted from the advertised list because suite.flags&suiteTLS12 was true.
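The check described in the report, reduced to a runnable model. This is an added example, not code from crypto/tls: the `cipherSuite` struct, the `suiteTLS12` flag value and the two `serverChoiceAccepted*` functions are stand-ins for the package internals, and `configuredSuites` is a constructed client configuration. It shows the pre-fix check validating the server's choice against the full configured list (so a TLS 1.2-only suite that was never offered in a TLS 1.1 ClientHello is accepted) beside the fixed check that validates against what was actually advertised.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// suiteTLS12 marks a suite that is only offered in a TLS 1.2 ClientHello.
// The flag name follows the issue text; the bit value is an assumption.
const suiteTLS12 = 1 << 0

// cipherSuite is a cut-down stand-in for the package's internal struct.
type cipherSuite struct {
	id    uint16
	flags int
}

// configuredSuites is a constructed client configuration: one suite usable at
// any version and one that is TLS 1.2-only.
var configuredSuites = []*cipherSuite{
	{id: tls.TLS_RSA_WITH_AES_128_CBC_SHA, flags: 0},
	{id: tls.TLS_RSA_WITH_AES_128_CBC_SHA256, flags: suiteTLS12},
}

// advertisedSuites reproduces the whittling the issue describes: when the
// ClientHello version is below TLS 1.2, TLS 1.2-only suites are left out of
// the list that goes on the wire.
func advertisedSuites(configured []*cipherSuite, helloVersion uint16) []uint16 {
	var out []uint16
	for _, s := range configured {
		if s.flags&suiteTLS12 != 0 && helloVersion < tls.VersionTLS12 {
			continue
		}
		out = append(out, s.id)
	}
	return out
}

// serverChoiceAcceptedBefore models the pre-fix check: the ServerHello
// selection is looked up in the full configured list, not in what was sent,
// so an unadvertised suite passes.
func serverChoiceAcceptedBefore(configured []*cipherSuite, choice uint16) bool {
	for _, s := range configured {
		if s.id == choice {
			return true
		}
	}
	return false
}

// serverChoiceAcceptedAfter models the fix: the selection must be one of the
// suites that actually went out in the ClientHello; anything else is rejected
// (the real client answers with an alert at this point).
func serverChoiceAcceptedAfter(advertised []uint16, choice uint16) bool {
	for _, id := range advertised {
		if id == choice {
			return true
		}
	}
	return false
}

func main() {
	// A TLS 1.1 ClientHello: the SHA256 suite is dropped from the offer.
	hello := advertisedSuites(configuredSuites, tls.VersionTLS11)
	// The server nevertheless selects the suite that was never offered.
	choice := uint16(tls.TLS_RSA_WITH_AES_128_CBC_SHA256)
	fmt.Printf("advertised suites: %#04x\n", hello)
	fmt.Println("accepted before fix:", serverChoiceAcceptedBefore(configuredSuites, choice))
	fmt.Println("accepted after fix: ", serverChoiceAcceptedAfter(hello, choice))
}
```

Running it prints that only `0x002f` was advertised, that the pre-fix check accepts `0x003c` anyway, and that the fixed check rejects it; with a TLS 1.2 hello both suites are offered and both checks agree.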