From 720abb9265f274966faea878c7359724d7a08ba6 Mon Sep 17 00:00:00 2001 From: tb <> Date: Tue, 8 Jun 2021 17:41:52 +0000 Subject: TLSv1.3 server: avoid sending alerts in legacy records As soon as we know that we're dealing with a TLSv1.3 client, set the legacy version in the record layer to 0x0303 so that we send alerts with the correct record version. Previously we would send early alerts with a record version of 0x0300. ok jsing --- src/lib/libssl/tls13_server.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 40454f8163..19ad0af487 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.76 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.77 2021/06/08 17:41:52 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -165,6 +165,9 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } ctx->hs->negotiated_tls_version = TLS1_3_VERSION; + /* Ensure we send subsequent alerts with the correct record version. */ + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + /* Add decoded values to the current ClientHello hash */ if (!tls13_clienthello_hash_init(ctx)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; @@ -282,8 +285,6 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) if (s->method->internal->version < TLS1_3_VERSION) return 1; - tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); - /* * If a matching key share was provided, we do not need to send a * HelloRetryRequest. -- cgit v1.2.3-55-g6feb