author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 13:35:36 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 13:35:36 +0400 |
commit | 79a84d14babfe07a4f00d617b725bd6e4ec3c716 (patch) | |
tree | cd35302e016caf92ef7f8d65d08c383a47ec8e5a /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | |
parent | a48e5f6ed184dfbb2fca49b824ec39b07f49e09d (diff) |
SSLv3 clients that refuse renegotiation SHOULD use a fatal
handshake_failure alert.
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
index 19d479af..a9c0b945 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
@@ -506,6 +506,15 @@ public class TlsClientProtocol
 */
 if (this.connection_state == CS_END)
 {
+ /*
+ * RFC 5746 4.5 SSLv3 clients that refuse renegotiation SHOULD use a fatal
+ * handshake_failure alert.
+ */
+ if (getContext().getServerVersion().isSSL())
+ {
+ throw new TlsFatalAlert(AlertDescription.handshake_failure);
+ }
+
 String message = "Renegotiation not supported";
 raiseWarning(AlertDescription.no_renegotiation, message);
 }
@@ -807,7 +816,7 @@ public class TlsClientProtocol
 * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
 * ClientHello. Including both is NOT RECOMMENDED.
 */
- byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, TlsProtocol.EXT_RenegotiationInfo);
+ byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, EXT_RenegotiationInfo);
 boolean noRenegExt = (null == renegExtData);
 boolean noSCSV = !TlsProtocol.arrayContains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); |
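Review bot: The new comment in the `connection_state == CS_END` branch quotes RFC 5746 4.5 but does not say why SSLv3 needs a different response from TLS. The `no_renegotiation` alert raised by the fall-through path was introduced with TLS and is not among the SSLv3 alerts, so an SSLv3 peer cannot be expected to interpret the warning; I would add a line such as `* (no_renegotiation is not defined for SSLv3, so the refusal cannot be sent as a warning.)`. It would also help to note that the check relies on `getContext().getServerVersion()` already holding the negotiated version in this state, which looks true for CS_END but is not visible here. The enclosing method starts and ends outside the hunk.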