diff options
author | Adam Langley <agl@golang.org> | 2012-09-22 05:54:46 +1000 |
---|---|---|
committer | Adam Langley <agl@golang.org> | 2012-09-22 05:54:46 +1000 |
commit | a3ab361b9cd91d0e827d0fb76fd4f020bd8d2c20 (patch) | |
tree | afb48568d82b9547793345e663ed58235e9c3de2 | |
parent | 7feabb4b94c90add05d6f1e13712e379430921a0 (diff) | |
download | go-a3ab361b9cd91d0e827d0fb76fd4f020bd8d2c20.tar.gz go-a3ab361b9cd91d0e827d0fb76fd4f020bd8d2c20.zip |
[release-branch.go1] crypto/tls: return better error message in the case of an SSLv2 handshake.
««« backport 8048fe8f6f4b
crypto/tls: return better error message in the case of an SSLv2 handshake.
Update #3930
Return a better error message in this situation.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6474055
»»»
-rw-r--r-- | src/pkg/crypto/tls/conn.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pkg/crypto/tls/conn.go b/src/pkg/crypto/tls/conn.go index 2a5115dc6a..455910af41 100644 --- a/src/pkg/crypto/tls/conn.go +++ b/src/pkg/crypto/tls/conn.go @@ -487,6 +487,16 @@ Again: return err } typ := recordType(b.data[0]) + + // No valid TLS record has a type of 0x80, however SSLv2 handshakes + // start with a uint16 length where the MSB is set and the first record + // is always < 256 bytes long. Therefore typ == 0x80 strongly suggests + // an SSLv2 client. + if want == recordTypeHandshake && typ == 0x80 { + c.sendAlert(alertProtocolVersion) + return errors.New("tls: unsupported SSLv2 handshake received") + } + vers := uint16(b.data[1])<<8 | uint16(b.data[2]) n := int(b.data[3])<<8 | int(b.data[4]) if c.haveVers && vers != c.vers { |