From fb0f47b1f8c7dc79a4ac550747796f02b76949b9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 4 Dec 2023 15:27:28 +0800 Subject: [PATCH] tls13: srv: check tls version in ClientHello with min_tls_version When server is configured as TLS 1.3 only and receives ClientHello from a TLS 1.2 only client, it's expected to abort the handshake instead of downgrading protocol to TLS 1.2 and continuing handshake. This commit adds a check to make sure server min_tls_version always larger than received version in ClientHello. Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d983a00395..b3f25b5e87 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1920,6 +1920,15 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) * will dispatch to the TLS 1.2 state machine. */ if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { + /* Check if server supports TLS 1.2 */ + if (ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Unsupported version of TLS 1.2 was received")); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; return 0;