Add test for renego client_version quirk.
In upstream's f4e1169341ad1217e670387db5b0c12d680f95f4, the client_version was
made constant across renegotiations, even if the server negotiated a lower
version. NSS has the same quirk, reportedly for SChannel:
https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/ssl3con.c&sq=package:chromium&l=5103
Add a test to ensure we do not regress this.
Change-Id: I214e062463c203b86a9bab00f8503442e1bf74fe
Reviewed-on: https://boringssl-review.googlesource.com/2405
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 8d60d8f..cc034c6 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -717,14 +717,8 @@
* client_version in client hello and not resetting it to
* the negotiated version.
*/
-#if 0
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-#else
*(p++)=s->client_version>>8;
*(p++)=s->client_version&0xff;
-#endif
/* Random stuff */
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 02ee7e2..628c208 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -577,6 +577,11 @@
// CertificateRequest message. None the less, the configured set will
// still be enforced.
NoSignatureAndHashes bool
+
+ // RequireSameRenegoClientVersion, if true, causes the server
+ // to require that all ClientHellos match in offered version
+ // across a renego.
+ RequireSameRenegoClientVersion bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 94d7434..177e458 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -58,6 +58,8 @@
srtpProtectionProfile uint16
+ clientVersion uint16
+
// input/output
in, out halfConn // in.Mutex < out.Mutex
rawInput *block // raw input, right off the wire
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index ec79b79..4bdede1 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -162,6 +162,13 @@
hs.clientHello = newClientHello
}
+ if config.Bugs.RequireSameRenegoClientVersion && c.clientVersion != 0 {
+ if c.clientVersion != hs.clientHello.vers {
+ return false, fmt.Errorf("tls: client offered different version on renego")
+ }
+ }
+ c.clientVersion = hs.clientHello.vers
+
c.vers, ok = config.mutualVersion(hs.clientHello.vers)
if !ok {
c.sendAlert(alertProtocolVersion)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 79f8ee0..7356388 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2109,6 +2109,16 @@
},
renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
})
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-SameClientVersion",
+ renegotiate: true,
+ config: Config{
+ MaxVersion: VersionTLS10,
+ Bugs: ProtocolBugs{
+ RequireSameRenegoClientVersion: true,
+ },
+ },
+ })
}
func addDTLSReplayTests() {
