OLD | NEW |
1 diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/
tlslite/TLSConnection.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
2 index d2270a9..e6ce187 100644 | 2 index b3bad2d..d132b78 100755 |
3 --- a/third_party/tlslite/tlslite/TLSConnection.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
4 +++ b/third_party/tlslite/tlslite/TLSConnection.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
5 @@ -937,7 +937,8 @@ class TLSConnection(TLSRecordLayer): | 5 @@ -106,6 +106,7 @@ class AlertDescription: |
6 certChain=None, privateKey=None, reqCert=False, | 6 protocol_version = 70 |
7 sessionCache=None, settings=None, checker=None, | 7 insufficient_security = 71 |
8 reqCAs=None, tlsIntolerant=0, | 8 internal_error = 80 |
9 - signedCertTimestamps=None): | 9 + inappropriate_fallback = 86 |
10 + signedCertTimestamps=None, | 10 user_canceled = 90 |
| 11 no_renegotiation = 100 |
| 12 unknown_psk_identity = 115 |
| 13 @@ -117,6 +118,9 @@ class CipherSuite: |
| 14 # We actually don't do any renegotiation, but this |
| 15 # prevents renegotiation attacks |
| 16 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF |
| 17 + |
| 18 + # draft-bmoeller-tls-downgrade-scsv-01 |
| 19 + TLS_FALLBACK_SCSV = 0x5600 |
| 20 |
| 21 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A |
| 22 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D |
| 23 diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite
/errors.py |
| 24 index 22c298c..001ef33 100755 |
| 25 --- a/third_party/tlslite/tlslite/errors.py |
| 26 +++ b/third_party/tlslite/tlslite/errors.py |
| 27 @@ -63,6 +63,7 @@ class TLSAlert(TLSError): |
| 28 AlertDescription.protocol_version: "protocol_version",\ |
| 29 AlertDescription.insufficient_security: "insufficient_security",\ |
| 30 AlertDescription.internal_error: "internal_error",\ |
| 31 + AlertDescription.inappropriate_fallback: "inappropriate_fallback",\ |
| 32 AlertDescription.user_canceled: "user_canceled",\ |
| 33 AlertDescription.no_renegotiation: "no_renegotiation",\ |
| 34 AlertDescription.unknown_psk_identity: "unknown_psk_identity"} |
| 35 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 36 index 45b0bbb..bd92161 100755 |
| 37 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 38 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 39 @@ -966,7 +966,8 @@ class TLSConnection(TLSRecordLayer): |
| 40 reqCAs = None, |
| 41 tacks=None, activationFlags=0, |
| 42 nextProtos=None, anon=False, |
| 43 - tlsIntolerant=None, signedCertTimestamps=None): |
| 44 + tlsIntolerant=None, signedCertTimestamps=None, |
11 + fallbackSCSV=False): | 45 + fallbackSCSV=False): |
12 """Perform a handshake in the role of server. | 46 """Perform a handshake in the role of server. |
13 | 47 |
14 This function performs an SSL or TLS handshake. Depending on | 48 This function performs an SSL or TLS handshake. Depending on |
15 @@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer): | 49 @@ -1045,6 +1046,11 @@ class TLSConnection(TLSRecordLayer): |
16 binary 8-bit string) that will be sent as a TLS extension whenever | 50 binary 8-bit string) that will be sent as a TLS extension whenever |
17 the client announces support for the extension. | 51 the client announces support for the extension. |
18 | 52 |
19 + @type tlsIntolerant: int | |
20 + @param tlsIntolerant: if non-zero, the server will simulate TLS | |
21 + version intolerance by returning a fatal, handshake_failure alert. | |
22 + The versions to which it's intolerant vary depending on the value: | |
23 + 1: reject all TLS versions. | |
24 + 2: reject TLS 1.1 or higher. | |
25 + 3: reject TLS 1.2 or higher. | |
26 + | |
27 + @type fallbackSCSV: bool | 53 + @type fallbackSCSV: bool |
28 + @param fallbackSCSV: if true, the server will implement | 54 + @param fallbackSCSV: if true, the server will implement |
29 + TLS_FALLBACK_SCSV and thus reject connections using less than the | 55 + TLS_FALLBACK_SCSV and thus reject connections using less than the |
30 + server's maximum TLS version that include this cipher suite. | 56 + server's maximum TLS version that include this cipher suite. |
31 + | 57 + |
32 @raise socket.error: If a socket error occurs. | 58 @raise socket.error: If a socket error occurs. |
33 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed | 59 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
34 without a preceding alert. | 60 without a preceding alert. |
35 @@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer): | 61 @@ -1057,7 +1063,8 @@ class TLSConnection(TLSRecordLayer): |
36 """ | 62 checker, reqCAs, |
37 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, | 63 tacks=tacks, activationFlags=activationFlags, |
38 certChain, privateKey, reqCert, sessionCache, settings, | 64 nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant, |
39 - checker, reqCAs, tlsIntolerant, signedCertTimestamps): | 65 - signedCertTimestamps=signedCertTimestamps): |
40 + checker, reqCAs, tlsIntolerant, signedCertTimestamps, | 66 + signedCertTimestamps=signedCertTimestamps, |
41 + fallbackSCSV): | 67 + fallbackSCSV=fallbackSCSV): |
42 pass | 68 pass |
43 | 69 |
44 | 70 |
45 @@ -1030,7 +1032,8 @@ class TLSConnection(TLSRecordLayer): | 71 @@ -1068,7 +1075,8 @@ class TLSConnection(TLSRecordLayer): |
46 certChain=None, privateKey=None, reqCert=False, | 72 tacks=None, activationFlags=0, |
47 sessionCache=None, settings=None, checker=None, | 73 nextProtos=None, anon=False, |
48 reqCAs=None, tlsIntolerant=0, | 74 tlsIntolerant=None, |
49 - signedCertTimestamps=None): | 75 - signedCertTimestamps=None |
50 + signedCertTimestamps=None, | 76 + signedCertTimestamps=None, |
51 + fallbackSCSV=False): | 77 + fallbackSCSV=False |
| 78 ): |
52 """Start a server handshake operation on the TLS connection. | 79 """Start a server handshake operation on the TLS connection. |
53 | 80 |
54 This function returns a generator which behaves similarly to | 81 @@ -1089,7 +1097,8 @@ class TLSConnection(TLSRecordLayer): |
55 @@ -1049,7 +1052,8 @@ class TLSConnection(TLSRecordLayer): | 82 tacks=tacks, activationFlags=activationFlags, |
56 sessionCache=sessionCache, settings=settings, | 83 nextProtos=nextProtos, anon=anon, |
57 reqCAs=reqCAs, | |
58 tlsIntolerant=tlsIntolerant, | 84 tlsIntolerant=tlsIntolerant, |
59 - signedCertTimestamps=signedCertTimestamps) | 85 - signedCertTimestamps=signedCertTimestamps) |
60 + signedCertTimestamps=signedCertTimestamps, | 86 + signedCertTimestamps=signedCertTimestamps, |
61 + fallbackSCSV=fallbackSCSV) | 87 + fallbackSCSV=fallbackSCSV) |
62 for result in self._handshakeWrapperAsync(handshaker, checker): | 88 for result in self._handshakeWrapperAsync(handshaker, checker): |
63 yield result | 89 yield result |
64 | 90 |
65 @@ -1057,7 +1061,8 @@ class TLSConnection(TLSRecordLayer): | 91 @@ -1099,7 +1108,7 @@ class TLSConnection(TLSRecordLayer): |
66 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, | 92 settings, reqCAs, |
67 certChain, privateKey, reqCert, | 93 tacks, activationFlags, |
68 sessionCache, settings, reqCAs, | 94 nextProtos, anon, |
69 - tlsIntolerant, signedCertTimestamps): | 95 - tlsIntolerant, signedCertTimestamps): |
70 + tlsIntolerant, signedCertTimestamps, | 96 + tlsIntolerant, signedCertTimestamps, fallbackSCSV)
: |
71 + fallbackSCSV): | |
72 | 97 |
73 self._handshakeStart(client=False) | 98 self._handshakeStart(client=False) |
74 | 99 |
75 @@ -1141,12 +1146,18 @@ class TLSConnection(TLSRecordLayer): | 100 @@ -1134,7 +1143,7 @@ class TLSConnection(TLSRecordLayer): |
76 yield result | 101 # Handle ClientHello and resumption |
| 102 for result in self._serverGetClientHello(settings, certChain,\ |
| 103 verifierDB, sessionCache, |
| 104 - anon, tlsIntolerant): |
| 105 + anon, tlsIntolerant, fallbackSCSV): |
| 106 if result in (0,1): yield result |
| 107 elif result == None: |
| 108 self._handshakeDone(resumed=True) |
| 109 @@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer): |
77 | 110 |
78 #If client's version is too high, propose my highest version | 111 |
79 - elif clientHello.client_version > settings.maxVersion: | 112 def _serverGetClientHello(self, settings, certChain, verifierDB, |
80 + if clientHello.client_version > settings.maxVersion: | 113 - sessionCache, anon, tlsIntolerant): |
| 114 + sessionCache, anon, tlsIntolerant, fallbackSCSV
): |
| 115 #Initialize acceptable cipher suites |
| 116 cipherSuites = [] |
| 117 if verifierDB: |
| 118 @@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer): |
| 119 elif clientHello.client_version > settings.maxVersion: |
81 self.version = settings.maxVersion | 120 self.version = settings.maxVersion |
82 - | 121 |
| 122 + #Detect if the client performed an inappropriate fallback. |
| 123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
| 124 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
| 125 + for result in self._sendError(\ |
| 126 + AlertDescription.inappropriate_fallback): |
| 127 + yield result |
| 128 + |
83 else: | 129 else: |
84 #Set the version to the client's version | 130 #Set the version to the client's version |
85 self.version = clientHello.client_version | 131 self.version = clientHello.client_version |
86 + if (fallbackSCSV and | |
87 + clientHello.client_version < settings.maxVersion): | |
88 + for cipherSuite in clientHello.cipher_suites: | |
89 + if cipherSuite == 0x5600: | |
90 + for result in self._sendError(\ | |
91 + AlertDescription.inappropriate_fallback): | |
92 + yield result | |
93 | |
94 #Get the client nonce; create server nonce | |
95 clientRandom = clientHello.random | |
96 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | |
97 index b5a345a..23e3dcb 100644 | |
98 --- a/third_party/tlslite/tlslite/constants.py | |
99 +++ b/third_party/tlslite/tlslite/constants.py | |
100 @@ -91,6 +91,7 @@ class AlertDescription: | |
101 protocol_version = 70 | |
102 insufficient_security = 71 | |
103 internal_error = 80 | |
104 + inappropriate_fallback = 86 | |
105 user_canceled = 90 | |
106 no_renegotiation = 100 | |
107 unknown_srp_username = 120 | |
108 diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite
/errors.py | |
109 index c7f7ba8..45087e6 100644 | |
110 --- a/third_party/tlslite/tlslite/errors.py | |
111 +++ b/third_party/tlslite/tlslite/errors.py | |
112 @@ -48,6 +48,7 @@ class TLSAlert(TLSError): | |
113 AlertDescription.protocol_version: "protocol_version",\ | |
114 AlertDescription.insufficient_security: "insufficient_security",\ | |
115 AlertDescription.internal_error: "internal_error",\ | |
116 + AlertDescription.inappropriate_fallback: "inappropriate_fallback",\ | |
117 AlertDescription.user_canceled: "user_canceled",\ | |
118 AlertDescription.no_renegotiation: "no_renegotiation",\ | |
119 AlertDescription.unknown_srp_username: "unknown_srp_username",\ | |
OLD | NEW |