Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: cannot send TLS_FALLBACK_SCSV #9831

SlyMarbo opened this issue Feb 10, 2015 · 5 comments

crypto/tls: cannot send TLS_FALLBACK_SCSV #9831

SlyMarbo opened this issue Feb 10, 2015 · 5 comments


Copy link

version: go1.4.1

Because the ClientHello's cipher suites are constructed in tls.Conn.clientHandshake() (crypto/tls/handshake_client.go:31) from the cipherSuites slice defined at crypto/tls/cipher_suites.go:69, which doesn't contain an entry for TLS_FALLBACK_SCSV, it's impossible for the package to send the SCSV.

The relevant code is as follows:

65      possibleCipherSuites := c.config.cipherSuites()
66      hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
68  NextCipherSuite:
69      for _, suiteId := range possibleCipherSuites {
70          for _, suite := range cipherSuites {
71              if != suiteId {
72                  continue
73              }
74              // Don't advertise TLS 1.2-only cipher suites unless
75              // we're attempting TLS 1.2.
76              if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
77                  continue
78              }
79              hello.cipherSuites = append(hello.cipherSuites, suiteId)
80              continue NextCipherSuite
81          }
82      }

Since TLS_FALLBACK_SCSV is not in cipherSuites, line 72 above will skip over any entries of TLS_FALLBACK_SCSV in the tls.Config. The following patch would resolve the issue:

--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -67,6 +67,10 @@ func (c *Conn) clientHandshake() error {

        for _, suiteId := range possibleCipherSuites {
+               if suiteId == TLS_FALLBACK_SCSV {
+                       hello.cipherSuites = append(hello.cipherSuites, suiteId)
+                       continue
+               }
                for _, suite := range cipherSuites {
                        if != suiteId {
@bradfitz bradfitz added this to the Go1.5 milestone Feb 10, 2015
Copy link

Another one for @agl.

@mikioh mikioh changed the title "crypto/tls" cannot send TLS_FALLBACK_SCSV crypto/tls: cannot send TLS_FALLBACK_SCSV Feb 10, 2015
Copy link

agl commented Feb 11, 2015

The Go client doesn't do fallback so doesn't need to send TLS_FALLBACK_SCSV. Why do you think that you need to send it?

Copy link

I wanted to check whether my server is handling TLS_FALLBACK_SCSV correctly and using crypto/tls seemed the easiest option. It's not the most important feature but it would be nice.

@agl agl removed this from the Go1.5 milestone Apr 26, 2015
Copy link

agl commented Apr 26, 2015

On the fence about whether we want to support this, but dropping for 1.5 at least.

You would probably be better off constructing a little ClientHello message yourself for this sort of testing.

@ianlancetaylor ianlancetaylor added this to the Go1.6 milestone Jun 3, 2015
Copy link

agl commented Aug 30, 2015

I'm going to call this one: I don't think that supporting this option is worthwhile in the standard library. The use-case is pretty obscure and there are lots of testing needs that can only be met by crafting ClientHellos already.

@agl agl closed this as completed Aug 30, 2015
@golang golang locked and limited conversation to collaborators Sep 4, 2016
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

5 participants