Merge 24f59a0 into 3aa55f4

tlsfuzzer · Jan 16, 2020 · d5fd75a · d5fd75a
2 parents 3aa55f4 + 24f59a0
commit d5fd75a
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/tlslite/constants.py b/tlslite/constants.py
@@ -357,6 +357,13 @@ def toRepr(cls, value, blacklist=None):
         return super(GroupName, cls).toRepr(value, blacklist)
 
 
+# groups forbidden by RFC 8446 section B.3.1.4
+TLS_1_3_FORBIDDEN_GROUPS = frozenset().union(
+    range(1, 0x17),
+    range(0x1A, 0x1D),
+    (0xff01, 0xff02))
+
+
 class ECPointFormat(TLSEnum):
     """Names and ID's of supported EC point formats."""
 

diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -3115,6 +3115,14 @@ def _serverGetClientHello(self, settings, private_key, cert_chain,
                             "Empty key_share extension"):
                         yield result
 
+                # check supported_groups
+                if TLS_1_3_FORBIDDEN_GROUPS.intersection(sup_groups.groups):
+                    for result in self._sendError(
+                            AlertDescription.illegal_parameter,
+                            "Client advertised in TLS 1.3 Client Hello a key "
+                            "exchange group forbidden in TLS 1.3"):
+                        yield result
+
                 # Check key_share
                 mismatch = next((i for i in key_share.client_shares
                                  if i.group not in sup_groups.groups), None)