From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 17:44:53 +0000 (-0400)
Subject: crypto/tls: match compression method alert across versions
X-Git-Tag: go1.25rc1~122
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=deb9a7e4ad8552a5f366877e626c223dea0e9d9b;p=gostls13.git

crypto/tls: match compression method alert across versions

When a pre-TLS 1.3 server processes a client hello message that
indicates compression methods that don't include the null compression
method, send an illegal parameter alert.

Previously we did this for TLS 1.3 server handshakes only, and the
legacy TLS versions used alertHandshakeFailure for this circumstance. By
switching this to alertIllegalParameter we use a consistent alert across
all TLS versions, and can also enable the NoNullCompression-TLS12 BoGo
test we were skipping.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5ce
Reviewed-on: https://go-review.googlesource.com/c/go/+/673736
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
---

diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json
index ba1dce8761..64781b3fba 100644
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@@ -63,7 +63,6 @@
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
-        "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index c2c924c07b..d7fadcbd59 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -233,7 +233,7 @@ func (hs *serverHandshakeState) processClientHello() error {
 	}
 
 	if !foundCompression {
-		c.sendAlert(alertHandshakeFailure)
+		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: client does not support uncompressed connections")
 	}