Remove restrictive proto ver negotiation checks

Overly restrictive protocol version negotiation checks might be "version intolerant". TLS 1.3 and DTLS 1.3 move the version to the "supported_versions" ClientHello extension. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-13 14:59:34 -04:00 · 2022-04-13 14:59:34 -04:00 · 8315811ea7
commit 8315811ea7
parent bbdc83b55b
2 changed files with 6 additions and 16 deletions
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@ -1121,7 +1121,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
 static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
 {
    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    mbedtls_ssl_protocol_version tls_version;
+    uint16_t dtls_legacy_version;
    unsigned char cookie_len;

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
@ -1146,15 +1146,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
     * } HelloVerifyRequest;
     */
    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    tls_version = mbedtls_ssl_read_version( p, ssl->conf->transport );
+    dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
    p += 2;

    /*
-     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
-     * even if lower than our min version.
+     * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
+     * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
+     * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
     */
-    if( tls_version < 0x0302 || /* TLSv1.1 */
-        tls_version > ssl->conf->max_tls_version )
+    if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );

--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -1202,16 +1202,6 @@ read_record_header:
    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
                   buf[1], buf[2] ) );

-    /* According to RFC 5246 Appendix E.1, the version here is typically
-     * "{03,00}, the lowest version number supported by the client, [or] the
-     * value of ClientHello.client_version", so the only meaningful check here
-     * is the major version shouldn't be less than 3 */
-    if( mbedtls_ssl_read_version( buf + 1, ssl->conf->transport ) < 0x0300 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
-    }
-
    /* For DTLS if this is the initial handshake, remember the client sequence
     * number to use it in our next message (RFC 6347 4.2.1) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)