Index: third_party/tlslite/patches/fallback_scsv.patch |
diff --git a/third_party/tlslite/patches/fallback_scsv.patch b/third_party/tlslite/patches/fallback_scsv.patch |
index 9a64f11b9d53df5caa0043d0bda107ebacc04137..8cd5f828896b623e1187deb82f89ae97abd1212e 100644 |
--- a/third_party/tlslite/patches/fallback_scsv.patch |
+++ b/third_party/tlslite/patches/fallback_scsv.patch |
@@ -115,12 +115,13 @@ index 45b0bbb..bd92161 100755 |
#Initialize acceptable cipher suites |
cipherSuites = [] |
if verifierDB: |
-@@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1280,6 +1289,14 @@ class TLSConnection(TLSRecordLayer): |
elif clientHello.client_version > settings.maxVersion: |
self.version = settings.maxVersion |
+ #Detect if the client performed an inappropriate fallback. |
+ elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
++ self.version = clientHello.client_version |
+ if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
+ for result in self._sendError(\ |
+ AlertDescription.inappropriate_fallback): |