mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: reject change_cipher_spec record after handshake in TLS 1.3 (#170)

Browse source 
https://github.com/golang/go/pull/58912
This commit is contained in:
RPRX 2023-03-08 20:50:55 +00:00 committed by GitHub
parent 88b6acde2b
commit 92986c9bcf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
conn.go
View file

@ -731,7 +731,7 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
// 5, a server can send a ChangeCipherSpec before its ServerHello, when // 5, a server can send a ChangeCipherSpec before its ServerHello, when
// c.vers is still unset. That's not useful though and suspicious if the // c.vers is still unset. That's not useful though and suspicious if the
// server then selects a lower protocol version, so don't allow that. // server then selects a lower protocol version, so don't allow that.
if c.vers == VersionTLS13 { if c.vers == VersionTLS13 && !handshakeComplete {
return c.retryReadRecord(expectChangeCipherSpec) return c.retryReadRecord(expectChangeCipherSpec)
} }
if !expectChangeCipherSpec { if !expectChangeCipherSpec {