From eaf590c63239c628dc1ebf071215b6aa6c6a3a94 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Sat, 11 Aug 2018 13:06:13 +0200 Subject: tls13/scan: advertise draft versions even with final TLS 1.3 If the final 1.3 version is not supported, negotiation could fail if TLS 1.2 is not allowed. This is the case with tls13.crypto.mozilla.org. --- tls13scan/scan.go | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/tls13scan/scan.go b/tls13scan/scan.go index ff55562..f47d217 100644 --- a/tls13scan/scan.go +++ b/tls13scan/scan.go @@ -59,8 +59,12 @@ func addExtension(b *cryptobyte.Builder, extType uint16, f cryptobyte.BuilderCon func buildClientHelloRecord(host string, minVersion, maxVersion uint16) ([]byte, error) { var b cryptobyte.Builder + useTLS13x304 := maxVersion == versionTLS13 - if minVersion > maxVersion && maxVersion != versionTLS13 { + if useTLS13x304 { + maxVersion = versionTLS13Draft28 + } + if minVersion > maxVersion { panic("failed: minVersion <= maxVersion") } @@ -107,12 +111,12 @@ func buildClientHelloRecord(host string, minVersion, maxVersion uint16) ([]byte, addExtension(b, extSupportedVersions, func(b *cryptobyte.Builder) { // Advertise all draft versions b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { + if useTLS13x304 { + b.AddUint16(versionTLS13) + } for i := maxVersion; i >= minVersion; i -= 1 { b.AddUint16(i) } - if maxVersion == versionTLS13 { - b.AddUint16(versionTLS13) - } // if this is not added, TLS 1.3 // implementations that do not // want to negotiate 1.3 fail @@ -313,9 +317,12 @@ func main() { break } fmt.Printf("%s version: %#x - %s\n", address, version, versionToString(version)) - if maxVersion == versionTLS13 { - maxVersion = versionTLS13Draft28 + if version == 0 { + // version is supplied by the server, must check. + break } else { + // Assume that the server selected its maximum supported + // (draft) version. Probe for the next (lower) version. maxVersion = version - 1 } } -- cgit v1.2.1