diff options
author | Ingela Anderton Andin <[email protected]> | 2017-02-01 11:04:43 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-02-08 10:40:04 +0100 |
commit | db845bde0a37d4b28e5112270b4de502a54925c8 (patch) | |
tree | 51d9b6cd4d0c7b3b8777238e2b650bcc2138e723 /lib/ssl/test/ssl_handshake_SUITE.erl | |
parent | 2efa6a87b1045b62a831d61e1826522f1a3dd30f (diff) | |
download | otp-db845bde0a37d4b28e5112270b4de502a54925c8.tar.gz otp-db845bde0a37d4b28e5112270b4de502a54925c8.tar.bz2 otp-db845bde0a37d4b28e5112270b4de502a54925c8.zip |
ssl: Avoid SSL/TLS hello format confusion
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format
(and sometimes the other way around before inspecting data)
so we need to match SSL 3.0 and TLS first and only match SSL 2.0
hellos when flag to support it is set.
Diffstat (limited to 'lib/ssl/test/ssl_handshake_SUITE.erl')
-rw-r--r-- | lib/ssl/test/ssl_handshake_SUITE.erl | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl index 74b14145dd..0a50c98a28 100644 --- a/lib/ssl/test/ssl_handshake_SUITE.erl +++ b/lib/ssl/test/ssl_handshake_SUITE.erl @@ -33,6 +33,7 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- all() -> [decode_hello_handshake, + decode_hello_handshake_version_confusion, decode_single_hello_extension_correctly, decode_supported_elliptic_curves_hello_extension_correctly, decode_unknown_hello_extension_correctly, @@ -106,6 +107,14 @@ decode_hello_handshake(_Config) -> #renegotiation_info{renegotiated_connection = <<0>>} = (Hello#server_hello.extensions)#hello_extensions.renegotiation_info. + +decode_hello_handshake_version_confusion(_) -> + HelloPacket = <<3,3,0,0,0,0,0,63,210,235,149,6,244,140,108,13,177,74,16,218,33,108,219,41,73,228,3,82,132,123,73,144,118,100,0,0,32,192,4,0,10,192,45,192,38,0,47,192,18,0,163,0,22,0,165,192,29,192,18,192,30,0,103,0,57,192,48,0,47,1,0>>, + Version = {3,3}, + ClientHello = 1, + Hello = tls_handshake:decode_handshake({3,3}, ClientHello, HelloPacket, false), + Hello = tls_handshake:decode_handshake({3,3}, ClientHello, HelloPacket, true). + decode_single_hello_extension_correctly(_Config) -> Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>, Extensions = ssl_handshake:decode_hello_extensions(Renegotiation), |