RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 09:57:35 +00:00
Code Issues Activity Actions

LibTLS: Treat a close_notify before agreeing on a cipher suite as a handshake failure

Browse source 
Some TLS implementations (namely, AWS CloudFront) do this instead of
sending handshake_failure for some reason.
This commit is contained in:
Luke 2020-10-25 21:09:10 +00:00 committed by Andreas Kling
parent 328e481ee9
commit 63a94deb43
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Libraries/LibTLS/Record.cpp
View file

@ -315,6 +315,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
res += 2; res += 2;
alert(AlertLevel::Critical, AlertDescription::CloseNotify); alert(AlertLevel::Critical, AlertDescription::CloseNotify);
m_context.connection_finished = true; m_context.connection_finished = true;
if (!m_context.cipher_spec_set) {
// AWS CloudFront hits this.
dbg() << "Server sent a close notify and we haven't agreed on a cipher suite. Treating it as a handshake failure.";
m_context.critical_error = (u8)AlertDescription::HandshakeFailure;
try_disambiguate_error();
}
} }
m_context.error_code = (Error)code; m_context.error_code = (Error)code;
} }