mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: implement TLS 1.3 downgrade protection

Browse source 
TLS_FALLBACK_SCSV is extremely fragile in the presence of sparse
supported_version, but gave it the best try I could.

Set the server random canaries but don't check them yet, waiting for the
browsers to clear the way of misbehaving middleboxes.

Updates #9671

Change-Id: Ie55efdec671d639cf1e716acef0c5f103e91a7ce
Reviewed-on: https://go-review.googlesource.com/c/147617
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2018-11-05 20:39:45 -05:00
parent b523d280e4
commit fc44e85605
5 changed files with 57 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
handshake_client_test.go
View file

@ -309,7 +309,7 @@ func (test *clientTest) run(t *testing.T, write bool) {
// TODO(filippo): regenerate client tests all at once after CL 146217,
// RSA-PSS and client-side TLS 1.3 are landed.
if !write && !strings.Contains(test.name, "TLSv13") {
t.Skip("recorded client tests are out of date")
t.Skip("recorded server tests are out of date")
}
var clientConn, serverConn net.Conn