crypto/tls: check client's supported versions when using QUIC

According to RFC 9001 Section 4.2, the client MUST NOT offer any TLS version older than 1.3. Fixes #63723. Change-Id: Ia92f98274ca784e2bc151faf236380af51f699c1 Reviewed-on: https://go-review.googlesource.com/c/go/+/537576 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
2025-04-03 20:17:36 +03:00 · 2023-10-25 11:04:24 +07:00 · 2023-10-25 11:04:24 +07:00 · f20bc39fcb
commit f20bc39fcb
parent 2dbfad5cbe
1 changed files with 8 additions and 1 deletions
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@ -240,8 +240,15 @@ GroupSelection:
 	c.clientProtocol = selectedProto

 	if c.quic != nil {
+		// RFC 9001 Section 4.2: Clients MUST NOT offer TLS versions older than 1.3.
+		for _, v := range hs.clientHello.supportedVersions {
+			if v < VersionTLS13 {
+				c.sendAlert(alertProtocolVersion)
+				return errors.New("tls: client offered TLS version older than TLS 1.3")
+			}
+		}
+		// RFC 9001 Section 8.2.
 		if hs.clientHello.quicTransportParameters == nil {
-			// RFC 9001 Section 8.2.
 			c.sendAlert(alertMissingExtension)
 			return errors.New("tls: client did not send a quic_transport_parameters extension")
 		}