The branch master has been updated via 9b287d53db2596a62fc0b94557d521a43f067e81 (commit) via 5df2206048d812c493d441701d55f75bdde2995d (commit) from f460e8396f8cb1be1bbd6a8a22d7e24b80d8a607 (commit)
- Log ----------------------------------------------------------------- commit 9b287d53db2596a62fc0b94557d521a43f067e81 Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 8 15:29:33 2018 +0100 Add a test for TLSv1.3 fallback Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6894) commit 5df2206048d812c493d441701d55f75bdde2995d Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 8 14:21:33 2018 +0100 Improve fallback protection A client that has fallen back could detect an inappropriate fallback if the TLSv1.3 downgrade protection sentinels are present. Fixes #6756 Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6894) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_lib.c | 3 +++ test/recipes/70-test_tls13downgrade.t | 42 ++++++++++++++++++++++++++--------- util/perl/TLSProxy/Message.pm | 2 ++ 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 8a7d178..74a2ec1 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1914,6 +1914,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (highver != 0 && s->version != vent->version) continue; + if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0) + highver = vent->version; + method = vent->cmeth(); err = ssl_method_error(s, method); if (err != 0) { diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t index dbf011c..cc5fb16 100644 --- a/test/recipes/70-test_tls13downgrade.t +++ b/test/recipes/70-test_tls13downgrade.t @@ -41,14 +41,15 @@ my $proxy = TLSProxy::Proxy->new( use constant { DOWNGRADE_TO_TLS_1_2 => 0, - DOWNGRADE_TO_TLS_1_1 => 1 + DOWNGRADE_TO_TLS_1_1 => 1, + FALLBACK_FROM_TLS_1_3 => 2, }; #Test 1: Downgrade from TLSv1.3 to TLSv1.2 $proxy->filter(\&downgrade_filter); my $testtype = DOWNGRADE_TO_TLS_1_2; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 3; +plan tests => 4; ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2"); #Test 2: Downgrade from TLSv1.3 to TLSv1.1 @@ -64,6 +65,18 @@ $proxy->serverflags("-no_tls1_3"); $proxy->start(); ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1"); +#Test 4: Client falls back from TLSv1.3 (server does not support the fallback +# SCSV) +$proxy->clear(); +$testtype = FALLBACK_FROM_TLS_1_3; +$proxy->clientflags("-fallback_scsv -no_tls1_3"); +$proxy->start(); +my $alert = TLSProxy::Message->alert(); +ok(TLSProxy::Message->fail() + && !$alert->server() + && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER, + "Fallback from TLSv1.3"); + sub downgrade_filter { my $proxy = shift; @@ -76,18 +89,25 @@ sub downgrade_filter my $message = ${$proxy->message_list}[0]; my $ext; - if ($testtype == DOWNGRADE_TO_TLS_1_2) { - $ext = pack "C3", - 0x02, # Length - 0x03, 0x03; #TLSv1.2 + if ($testtype == FALLBACK_FROM_TLS_1_3) { + #The default ciphersuite we use for TLSv1.2 without any SCSV + my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA); + $message->ciphersuite_len(2 * scalar @ciphersuites); + $message->ciphersuites(\@ciphersuites); } else { - $ext = pack "C3", - 0x02, # Length - 0x03, 0x02; #TLSv1.1 + if ($testtype == DOWNGRADE_TO_TLS_1_2) { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x03; #TLSv1.2 + } else { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x02; #TLSv1.1 + } + + $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext); } - $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext); - $message->repack(); } diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index 44952ad..dae6daa 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -41,6 +41,7 @@ use constant { use constant { AL_DESC_CLOSE_NOTIFY => 0, AL_DESC_UNEXPECTED_MESSAGE => 10, + AL_DESC_ILLEGAL_PARAMETER => 47, AL_DESC_NO_RENEGOTIATION => 100 }; @@ -125,6 +126,7 @@ use constant { }; use constant { + CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f, CIPHER_DHE_RSA_AES_128_SHA => 0x0033, CIPHER_ADH_AES_128_SHA => 0x0034, CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301, _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits