From 78601da9335579c01a88b356a8323117f14ec379 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 22 Feb 2015 15:54:27 +0000 Subject: Reluctantly add server-side support for TLS_FALLBACK_SCSV. This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol. TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatability with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends. Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols. Diff is loosely based on OpenSSL with some inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@ --- src/lib/libssl/t1_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/t1_enc.c') diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index f7c4bc8dde..6e069edd4b 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.76 2015/02/07 18:53:55 doug Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.77 2015/02/22 15:54:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1240,6 +1240,8 @@ tls1_alert_code(int code) return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY: return (TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK: + return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return (-1); } -- cgit v1.2.3-55-g6feb