crypto/tls: reject change_cipher_spec record after handshake in TLS 1…

….3 (#170) golang/go#58912
refraction-networking · Mar 8, 2023 · 92986c9 · 92986c9
1 parent 88b6acd
commit 92986c9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/conn.go b/conn.go
@@ -731,7 +731,7 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
 		// 5, a server can send a ChangeCipherSpec before its ServerHello, when
 		// c.vers is still unset. That's not useful though and suspicious if the
 		// server then selects a lower protocol version, so don't allow that.
-		if c.vers == VersionTLS13 {
+		if c.vers == VersionTLS13 && !handshakeComplete {
 			return c.retryReadRecord(expectChangeCipherSpec)
 		}
 		if !expectChangeCipherSpec {