Consider SSLv2 as TLS in order to close the handshake correctly

This commit is contained in:
Julien Salleyron 2020-02-25 17:50:05 +01:00 committed by GitHub
parent 1e7f34c271
commit 1557fda588
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -203,9 +203,17 @@ func clientHelloServerName(br *bufio.Reader) (string, bool, string, error) {
return "", false, "", err return "", false, "", err
} }
// No valid TLS record has a type of 0x80, however SSLv2 handshakes
// start with a uint16 length where the MSB is set and the first record
// is always < 256 bytes long. Therefore typ == 0x80 strongly suggests
// an SSLv2 client.
const recordTypeSSLv2 = 0x80
const recordTypeHandshake = 0x16 const recordTypeHandshake = 0x16
if hdr[0] != recordTypeHandshake { if hdr[0] != recordTypeHandshake {
// log.Errorf("Error not tls") if hdr[0] == recordTypeSSLv2 {
// we consider SSLv2 as TLS and it will be refuse by real TLS handshake.
return "", true, getPeeked(br), nil
}
return "", false, getPeeked(br), nil // Not TLS. return "", false, getPeeked(br), nil // Not TLS.
} }