commit fb0f47b1f8c7dc79a4ac550747796f02b76949b9
author Yanray Wang <yanray.wang@arm.com> Mon Dec 04 15:27:28 2023 +0800
committer Yanray Wang <yanray.wang@arm.com> Mon Dec 04 17:50:36 2023 +0800
tree de1c9dcad724543c9adc63ef84ac8c0fcb5f5086
parent 857d29f29aa6699603fad340c15462303cf4f1fa

tls13: srv: check tls version in ClientHello with min_tls_version

When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d983a00..b3f25b5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1920,6 +1920,15 @@
      * will dispatch to the TLS 1.2 state machine.
      */
     if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) {
+        /* Check if server supports TLS 1.2 */
+        if (ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2) {
+            MBEDTLS_SSL_DEBUG_MSG(
+                1, ("Unsupported version of TLS 1.2 was received"));
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+        }
         ssl->keep_current_message = 1;
         ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
         return 0;