]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d382f14)
crypto/tls: update TLS 1.3 client compression validation
authorDaniel McCarney <daniel@binaryparadox.net>
Tue, 29 Apr 2025 19:10:10 +0000 (15:10 -0400)
committerDaniel McCarney <daniel@binaryparadox.net>
Fri, 9 May 2025 20:38:31 +0000 (13:38 -0700)
Unlike in earlier TLS versions, in TLS 1.3 when processing a server
hello the legacy_compression_method MUST have the value 0. It is no
longer a parameter that offers a choice of compression method.

With this in mind, it seems more appropriate to return a decode error
when we encounter a non-zero compression method in a server hello
message. We haven't found a parameter value we reject, we've found
a message that doesn't decode according to its specification.

Making this change also aligns with BoringSSL and allows enabling the
TLS13-HRR-InvalidCompressionMethod bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c4
Reviewed-on: https://go-review.googlesource.com/c/go/+/669156
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
src/crypto/tls/bogo_config.json patch | blob | history
src/crypto/tls/handshake_client_tls13.go patch | blob | history

diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json
index 7184f56b05884aed5e44bd2211bb33c54cb975d7..81601d22c042707de30ca8b229f4e2b61570364f 100644 (file)
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@@ -64,7 +64,6 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
         "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
index 66dc76f72d6e6fc624b63dd473ce6488b584d1f9..444c6f311ce1e3f78e5332442a069c8f7ba9f29a 100644 (file)
--- a/src/crypto/tls/handshake_client_tls13.go
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -197,8 +197,8 @@ func (hs *clientHandshakeStateTLS13) checkServerHelloOrHRR() error {
        }
 
        if hs.serverHello.compressionMethod != compressionNone {
-               c.sendAlert(alertIllegalParameter)
-               return errors.New("tls: server selected unsupported compression format")
+               c.sendAlert(alertDecodeError)
+               return errors.New("tls: server sent non-zero legacy TLS compression method")
        }
 
        selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite)
Go GOST TLS 1.3