Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: Server can specify an unadvertised cipher suite

Browse source 
During the TLS handshake, check the cipher suite the server selects is
one of those offered in the ClientHello.  The code was checking it was
in the larger list that was sometimes whittled down for the ClientHello.

Fixes #13174

Change-Id: Iad8eebbcfa5027f30403b9700c43cfa949e135bb
Reviewed-on: https://go-review.googlesource.com/16698
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
This commit is contained in:
Ralph Corderoy 2015-11-07 12:18:36 +00:00 committed by Russ Cox
parent b717090e01
commit db4ef216cc
2 changed files with 53 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/crypto/tls/handshake_client.go
View file

@ -165,10 +165,10 @@ NextCipherSuite:
c.vers = vers
c.haveVers = true
suite := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
suite := mutualCipherSuite(hello.cipherSuites, serverHello.cipherSuite)
if suite == nil {
c.sendAlert(alertHandshakeFailure)
return fmt.Errorf("tls: server selected an unsupported cipher suite")
return errors.New("tls: server chose an unconfigured cipher suite")
}
hs := &clientHandshakeState{