OLD | NEW |
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
2 index b3bad2d..d132b78 100755 | 2 index b3bad2d..d132b78 100755 |
3 --- a/third_party/tlslite/tlslite/constants.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
4 +++ b/third_party/tlslite/tlslite/constants.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
5 @@ -106,6 +106,7 @@ class AlertDescription: | 5 @@ -106,6 +106,7 @@ class AlertDescription: |
6 protocol_version = 70 | 6 protocol_version = 70 |
7 insufficient_security = 71 | 7 insufficient_security = 71 |
8 internal_error = 80 | 8 internal_error = 80 |
9 + inappropriate_fallback = 86 | 9 + inappropriate_fallback = 86 |
10 user_canceled = 90 | 10 user_canceled = 90 |
(...skipping 97 matching lines...)
108 self._handshakeDone(resumed=True) | 108 self._handshakeDone(resumed=True) |
109 @@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer): | 109 @@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer): |
110 | 110 |
111 | 111 |
112 def _serverGetClientHello(self, settings, certChain, verifierDB, | 112 def _serverGetClientHello(self, settings, certChain, verifierDB, |
113 - sessionCache, anon, tlsIntolerant): | 113 - sessionCache, anon, tlsIntolerant): |
114 + sessionCache, anon, tlsIntolerant, fallbackSCSV
): | 114 + sessionCache, anon, tlsIntolerant, fallbackSCSV
): |
115 #Initialize acceptable cipher suites | 115 #Initialize acceptable cipher suites |
116 cipherSuites = [] | 116 cipherSuites = [] |
117 if verifierDB: | 117 if verifierDB: |
118 @@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer): | 118 @@ -1280,6 +1289,14 @@ class TLSConnection(TLSRecordLayer): |
119 elif clientHello.client_version > settings.maxVersion: | 119 elif clientHello.client_version > settings.maxVersion: |
120 self.version = settings.maxVersion | 120 self.version = settings.maxVersion |
121 | 121 |
122 + #Detect if the client performed an inappropriate fallback. | 122 + #Detect if the client performed an inappropriate fallback. |
123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion: | 123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
| 124 + self.version = clientHello.client_version |
124 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: | 125 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
125 + for result in self._sendError(\ | 126 + for result in self._sendError(\ |
126 + AlertDescription.inappropriate_fallback): | 127 + AlertDescription.inappropriate_fallback): |
127 + yield result | 128 + yield result |
128 + | 129 + |
129 else: | 130 else: |
130 #Set the version to the client's version | 131 #Set the version to the client's version |
131 self.version = clientHello.client_version | 132 self.version = clientHello.client_version |
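Review bot: The downgrade check in the new `elif fallbackSCSV and clientHello.client_version < settings.maxVersion:` branch runs only when the caller passes a truthy `fallbackSCSV`, so with the flag unset a ClientHello that carries TLS_FALLBACK_SCSV below `settings.maxVersion` falls through to the `else` branch and is negotiated as usual. If that opt-in is intentional, the new parameter of `_serverGetClientHello` should be documented where it is introduced, for example `#fallbackSCSV: if true, answer a ClientHello that offers TLS_FALLBACK_SCSV below settings.maxVersion with an inappropriate_fallback alert`. The `self.version = clientHello.client_version` line added ahead of the alert in the newer patch set also deserves a why-comment such as `#Use the client's offered version for the alert record`, assuming that is the reason it was added. The function body starts and ends outside this hunk, so it is worth confirming that `_sendError` ends the handshake after the alert is yielded and that `CipherSuite.TLS_FALLBACK_SCSV` is defined in the part of the patch not shown here.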