Merge pull request #390 from tomato42/obsolete-curves

tomato42 · web-flow · commit 5a25a9781384 · 2020-01-16T17:30:34.000+01:00
check if client doesn't advertise in TLS 1.3 groups forbidden in TLS 1.3
diff --git a/tlslite/constants.py b/tlslite/constants.py
@@ -357,6 +357,13 @@ def toRepr(cls, value, blacklist=None):
         return super(GroupName, cls).toRepr(value, blacklist)
 
 
+# groups forbidden by RFC 8446 section B.3.1.4
+TLS_1_3_FORBIDDEN_GROUPS = frozenset().union(
+    range(1, 0x17),
+    range(0x1A, 0x1D),
+    (0xff01, 0xff02))
+
+
 class ECPointFormat(TLSEnum):
     """Names and ID's of supported EC point formats."""
 
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -3115,6 +3115,14 @@ def _serverGetClientHello(self, settings, private_key, cert_chain,
                             "Empty key_share extension"):
                         yield result
 
+                # check supported_groups
+                if TLS_1_3_FORBIDDEN_GROUPS.intersection(sup_groups.groups):
+                    for result in self._sendError(
+                            AlertDescription.illegal_parameter,
+                            "Client advertised in TLS 1.3 Client Hello a key "
+                            "exchange group forbidden in TLS 1.3"):
+                        yield result
+
                 # Check key_share
                 mismatch = next((i for i in key_share.client_shares
                                  if i.group not in sup_groups.groups), None)
