From 749a01f8891ca00e2929f61e3401dfe34c0035e5 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 25 Jan 2020 14:23:27 +0000 Subject: Only perform the downgrade check if our max version is less than TLSv1.3. Issue noticed by kn@ when talking to a TLSv1.3 capable mail server, but with smtpd capping max version to TLSv1.2. ok beck@ --- src/lib/libssl/tls13_client.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 737a1015a5..fb21b54621 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.33 2020/01/25 09:20:56 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.34 2020/01/25 14:23:27 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -288,20 +288,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; if (tls13_server_hello_is_legacy(cbs)) { - /* - * RFC 8446 section 4.1.3, We must not downgrade if - * the server random value contains the TLS 1.2 or 1.1 - * magical value. - */ - if (!CBS_skip(&server_random, CBS_len(&server_random) - - sizeof(tls13_downgrade_12))) - goto err; - if (CBS_mem_equal(&server_random, tls13_downgrade_12, - sizeof(tls13_downgrade_12)) || - CBS_mem_equal(&server_random, tls13_downgrade_11, - sizeof(tls13_downgrade_11))) { - ctx->alert = SSL_AD_ILLEGAL_PARAMETER; - goto err; + if (ctx->hs->max_version >= TLS1_3_VERSION) { + /* + * RFC 8446 section 4.1.3, We must not downgrade if + * the server random value contains the TLS 1.2 or 1.1 + * magical value. + */ + if (!CBS_skip(&server_random, CBS_len(&server_random) - + sizeof(tls13_downgrade_12))) + goto err; + if (CBS_mem_equal(&server_random, tls13_downgrade_12, + sizeof(tls13_downgrade_12)) || + CBS_mem_equal(&server_random, tls13_downgrade_11, + sizeof(tls13_downgrade_11))) { + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; + goto err; + } } if (!CBS_skip(cbs, CBS_len(cbs))) -- cgit v1.2.3-55-g6feb