X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_server.t0;h=c155e793cbcbd8097fa104066b76db4b78d5b0d2;hp=5069a636315b0d3755807391a16dd8ae7b3a265a;hb=7561e7d6c86171257a4153d95202b0791b3612a8;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb

diff --git a/src/ssl/ssl_hs_server.t0 b/src/ssl/ssl_hs_server.t0
index 5069a63..c155e79 100644
--- a/src/ssl/ssl_hs_server.t0
+++ b/src/ssl/ssl_hs_server.t0
@@ -526,6 +526,17 @@ cc: save-session ( -- ) {
 			-1 >reneg-scsv
 		then
 
+		\ Special handling for TLS_FALLBACK_SCSV. If the client
+		\ maximum version is less than our own maximum version,
+		\ then this is an undue downgrade. We mark it by setting
+		\ the client max version to 0x10000.
+		dup 0x5600 = if
+			client-version-max addr-version_min get16 >=
+			client-version-max addr-version_max get16 < and if
+				-1 >client-version-max
+			then
+		then
+
 		\ Test whether the suite is supported by the server.
 		scan-suite dup 0< if
 			\ We do not support this cipher suite. Note
@@ -598,12 +609,12 @@ cc: save-session ( -- ) {
 					read-supported-curves
 				endof
 				\ Supported Point Formats.
-				0x000B of
-					\ We only support "uncompressed", and
-					\ all implementations are supposed to
-					\ support it anyway.
-					read-ignore-16
-				endof
+				\ We only support "uncompressed", that all
+				\ implementations are supposed to support,
+				\ so we can simply ignore that extension.
+				\ 0x000B of
+				\ 	read-ignore-16
+				\ endof
 
 				\ Other extensions are ignored.
 				drop read-ignore-16 0
@@ -626,6 +637,13 @@ cc: save-session ( -- ) {
 	\ 0x0300 (SSL-3.0), then fail. Otherwise, we may at least send an
 	\ alert with that version. We still reject versions lower than our
 	\ configured minimum.
+	\ As a special case, in case of undue downgrade, we send a specific
+	\ alert (see RFC 7507). Note that this case may happen only if
+	\ we would otherwise accept the client's version.
+	client-version-max 0< if
+		addr-client_max_version get16 addr-version_out set16
+		86 fail-alert
+	then
 	addr-version_max get16
 	dup client-version-max > if drop client-version-max then
 	dup 0x0300 < if ERR_BAD_VERSION fail then