Merge branch 'ingela/ssl/assert-server-version/OTP-19257' into maint
* ingela/ssl/assert-server-version/OTP-19257:
  ssl: Old server should ignore new extension
IngelaAndin committed Sep 27, 2024
2 parents 5bd4c18 + f42c076 commit a84ba97
Showing 2 changed files with 16 additions and 4 deletions.
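--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -242,8 +242,8 @@ hello(#client_hello{client_version = _ClientVersion,
 extensions = #{client_hello_versions :=
 #client_hello_versions{versions = ClientVersions}
 }} = Hello,
-#{versions := Versions} = SslOpts,
-Info, Renegotiation) ->
+#{versions := Versions = [Version |_]} = SslOpts,
+Info, Renegotiation) when ?TLS_GTE(Version, ?TLS_1_2)->
 try
 Version = ssl_handshake:select_supported_version(ClientVersions, Versions),
 do_hello(Version, Versions, CipherSuites, Hello, SslOpts, Info, Renegotiation)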
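Review bot: `Version` is now bound in the clause head to the first element of the configured `versions` list, so the unchanged line `Version = ssl_handshake:select_supported_version(ClientVersions, Versions)` inside the `try` is no longer a binding but a match assertion. Whenever the selected version is not the head of that list (for example a server configured with several versions and a client whose supported_versions extension offers only a lower one), the match would fail and, depending on the catch clauses outside this hunk, the handshake would presumably be aborted instead of settling on the common version. Bind the head under its own name so the guard and the selection stay independent: `#{versions := [HighestVersion | _] = Versions} = SslOpts,` and `Info, Renegotiation) when ?TLS_GTE(HighestVersion, ?TLS_1_2) ->`. The guard also relies on the list being ordered highest-first, which deserves a one-line comment; the body of `hello` continues past the end of the hunk.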
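--- a/lib/ssl/test/tls_1_3_version_SUITE.erl
+++ b/lib/ssl/test/tls_1_3_version_SUITE.erl
@@ -56,6 +56,8 @@
 legacy_tls12_client_tls_server/1,
 legacy_tls12_server_tls_client/0,
 legacy_tls12_server_tls_client/1,
+tls13_client_tls11_server/0,
+tls13_client_tls11_server/1,
 middle_box_tls13_client/0,
 middle_box_tls13_client/1,
 middle_box_tls12_enabled_client/0,
@@ -113,7 +115,9 @@ legacy_tests() ->
 tls_client_tls12_server,
 tls10_client_tls_server,
 tls11_client_tls_server,
-tls12_client_tls_server].
+tls12_client_tls_server,
+tls13_client_tls11_server
+].
 
 init_per_suite(Config) ->
 catch crypto:stop(),
@@ -460,7 +464,15 @@ client_cert_fail_alert_passive(Config) when is_list(Config) ->
 ServerNode, Hostname),
 alert_passive(ServerOpts, ClientOpts, setopts,
 ServerNode, Hostname).
-
+
+tls13_client_tls11_server() ->
+[{doc,"Test that a TLS 1.3 client gets old server alert from TLS 1.0 server."}].
+tls13_client_tls11_server(Config) when is_list(Config) ->
+ClientOpts = [{versions, ['tlsv1.3']} | ssl_test_lib:ssl_options(client_cert_opts, Config)],
+ServerOpts = [{versions, ['tlsv1']} | ssl_test_lib:ssl_options(server_cert_opts, Config)],
+ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security).
+
+
 %%--------------------------------------------------------------------
 %% Internal functions and callbacks -----------------------------------
 %%--------------------------------------------------------------------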
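Review bot: The new test case disagrees with itself about which server version it exercises: the function is named `tls13_client_tls11_server`, its doc string says "TLS 1.0 server", and `ServerOpts` sets `{versions, ['tlsv1']}`. Either configure `{versions, ['tlsv1.1']}` or rename the case and correct the doc string, so a failure report names the version actually under test. The case also covers only a single-version legacy server. A companion case with a server offering several versions at or above TLS 1.2, and a client whose supported_versions extension lists only the lower one, would exercise the guarded `hello` clause that this commit changes in tls_handshake.erl.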
