Only send sigalgs extension in 1.2-capable ClientHellos.
BUG=https://code.google.com/p/webrtc/issues/detail?id=4223
Change-Id: I88eb036fdc6da17bc6a5179df02f35486abe9add
Reviewed-on: https://boringssl-review.googlesource.com/3030
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit 6ae7f072e3b220b17ca5182226de882d10080f50)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5975f70..39627eb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -954,7 +954,7 @@
}
}
- if (SSL_USE_SIGALGS(s)) {
+ if (ssl3_version_from_wire(s, s->client_version) >= TLS1_2_VERSION) {
size_t salglen;
const uint8_t *salg;
salglen = tls12_get_psigalgs(s, &salg);
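Review bot: The new condition on `s->client_version` deserves a comment, because a reader seeing `ssl3_version_from_wire(s, s->client_version) >= TLS1_2_VERSION` in place of `SSL_USE_SIGALGS(s)` cannot tell from the hunk why the negotiated version is not used; the enclosing function starts before the hunk and the guarded block continues past it. I would add `/* The version is not negotiated yet when the ClientHello is built, so gate on the highest version we offer: a client that cannot negotiate TLS 1.2 must not send signature_algorithms (RFC 5246 section 7.4.1.4.1). */` above the `if`. Whether `SSL_USE_SIGALGS(s)` evaluated to the same thing for the plain-TLS case at this point is not visible here, so a second sentence noting why the macro was wrong in the ClientHello path (the linked bug) would help the next maintainer. Also worth confirming that `s->client_version` is already assigned at this point for renegotiation and resumption, since the extension list is built from it.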
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 284f314..2b1b552 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -172,6 +172,11 @@
}
c.clientVersion = hs.clientHello.vers
+ // Reject < 1.2 ClientHellos with signature_algorithms.
+ if c.clientVersion < VersionTLS12 && len(hs.clientHello.signatureAndHashes) > 0 {
+ return false, fmt.Errorf("tls: client included signature_algorithms before TLS 1.2")
+ }
+
c.vers, ok = config.mutualVersion(hs.clientHello.vers)
if !ok {
c.sendAlert(alertProtocolVersion)
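Review bot: The new rejection at line 27 returns an error without sending an alert, while the version-mismatch check directly below it calls `c.sendAlert(alertProtocolVersion)` before returning; the peer therefore sees a bare connection close rather than a fatal alert, which makes the failure harder to attribute in the BoringSSL side's test output. For consistency with the surrounding code I would write `c.sendAlert(alertIllegalParameter)` on the line before the `return`, or add a short comment saying a silent close is intended for this check. The comparison against `hs.clientHello.vers` is the right field for the RFC 5246 rule (a client that offers a maximum below 1.2 must not send the extension), but if this runner path is also used for DTLS, confirm that `vers` has already been mapped out of the inverted DTLS wire numbering before this comparison, as it presumably is for the `mutualVersion` call that follows. The `if !ok` block continues past the end of the hunk.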