crypto/tls: Server can specify an unadvertised cipher suite #13174

Closed
RalphCorderoy opened this issue Nov 6, 2015 · 3 comments

@RalphCorderoy

crypto/tls/handshake_client.go has clientHandshake() that whittles c.config.cipherSuites() down to those in cipherSuites that aren't TLS1.2 suites unless we're doing a TLS1.2 ClientHello. Assume we're not doing TLS1.2. This cut-down list goes to the server in the ClientHello and it sends back the one to use. We check that it's in c.config.cipherSuites() or else send an Alert back, but that's the original list and so allows the server to specify a suite that was omitted from the advertised list because suite.flags&suiteTLS12 was true.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Nov 6, 2015
@ianlancetaylor

CC @agl

@agl agl self-assigned this Nov 6, 2015
@RalphCorderoy

@gopherbot

CL https://golang.org/cl/16698 mentions this issue.

@rsc rsc closed this as completed in db4ef21 Nov 26, 2015
@golang golang locked and limited conversation to collaborators Nov 27, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
During the TLS handshake, check the cipher suite the server selects is
one of those offered in the ClientHello.  The code was checking it was
in the larger list that was sometimes whittled down for the ClientHello.

Fixes golang#13174

Change-Id: Iad8eebbcfa5027f30403b9700c43cfa949e135bb
Reviewed-on: https://go-review.googlesource.com/16698
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
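
The mismatch reported in this issue and addressed by the commit message above, as an added Go example that is not the crypto/tls source: it models the ClientHello filtering and compares validating the server's choice against the configured list with validating it against the offered list. The suite table, the function names and the sample suite IDs are constructed for illustration.

```go
package main

import "fmt"

// Constructed model for illustration; this is not the crypto/tls source.
const suiteTLS12 = 1 // flag: suite may only be used with TLS 1.2

// Constructed suite table: ID -> flags. 0xc02f is the TLS 1.2-only entry.
var suiteFlags = map[uint16]int{0x002f: 0, 0xc013: 0, 0xc02f: suiteTLS12}

// offeredSuites builds the ClientHello list: the configured suites minus
// TLS 1.2-only ones when the hello is not a TLS 1.2 hello.
func offeredSuites(configured []uint16, helloIsTLS12 bool) []uint16 {
	var offered []uint16
	for _, id := range configured {
		flags, known := suiteFlags[id]
		if !known || (flags&suiteTLS12 != 0 && !helloIsTLS12) {
			continue
		}
		offered = append(offered, id)
	}
	return offered
}

func contains(list []uint16, id uint16) bool {
	for _, v := range list {
		if v == id {
			return true
		}
	}
	return false
}

// checkAgainstConfigured is the reported behaviour: the full list is consulted.
func checkAgainstConfigured(configured []uint16, chosen uint16) bool {
	return contains(configured, chosen)
}

// checkAgainstOffered consults only what the ClientHello actually carried.
func checkAgainstOffered(configured []uint16, helloIsTLS12 bool, chosen uint16) bool {
	return contains(offeredSuites(configured, helloIsTLS12), chosen)
}

func main() {
	configured := []uint16{0x002f, 0xc013, 0xc02f}
	const chosen = 0xc02f // server selects the suite that was filtered out
	fmt.Println("offered:", offeredSuites(configured, false))
	fmt.Printf("configured-list check: %v, offered-list check: %v\n",
		checkAgainstConfigured(configured, chosen), checkAgainstOffered(configured, false, chosen))
}
```

With a non-TLS 1.2 hello, the configured-list check accepts the unadvertised suite while the offered-list check rejects it; a client would send an Alert in the second case.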
@rsc rsc unassigned agl Jun 23, 2022