Add a test for TLSv1.3 fallback

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)

diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t
index dbf011cb2bb32e18b36e99ca79991d4f14f8b9a5..cc5fb16d2b91198dd3a1f8e49d7e446c3f0d90d7 100644 (file)
--- a/test/recipes/70-test_tls13downgrade.t
+++ b/test/recipes/70-test_tls13downgrade.t
@@ -41,14 +41,15 @@ my $proxy = TLSProxy::Proxy->new(
 
 use constant {
     DOWNGRADE_TO_TLS_1_2 => 0,
-    DOWNGRADE_TO_TLS_1_1 => 1
+    DOWNGRADE_TO_TLS_1_1 => 1,
+    FALLBACK_FROM_TLS_1_3 => 2,
 };
 
 #Test 1: Downgrade from TLSv1.3 to TLSv1.2
 $proxy->filter(\&downgrade_filter);
 my $testtype = DOWNGRADE_TO_TLS_1_2;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 3;
+plan tests => 4;
 ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2");
 
 #Test 2: Downgrade from TLSv1.3 to TLSv1.1
@@ -64,6 +65,18 @@ $proxy->serverflags("-no_tls1_3");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1");
 
+#Test 4: Client falls back from TLSv1.3 (server does not support the fallback
+#        SCSV)
+$proxy->clear();
+$testtype = FALLBACK_FROM_TLS_1_3;
+$proxy->clientflags("-fallback_scsv -no_tls1_3");
+$proxy->start();
+my $alert = TLSProxy::Message->alert();
+ok(TLSProxy::Message->fail()
+   && !$alert->server()
+   && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER,
+   "Fallback from TLSv1.3");
+
 sub downgrade_filter
 {
     my $proxy = shift;
@@ -76,18 +89,25 @@ sub downgrade_filter
     my $message = ${$proxy->message_list}[0];
 
     my $ext;
-    if ($testtype == DOWNGRADE_TO_TLS_1_2) {
-        $ext = pack "C3",
-            0x02, # Length
-            0x03, 0x03; #TLSv1.2
+    if ($testtype == FALLBACK_FROM_TLS_1_3) {
+        #The default ciphersuite we use for TLSv1.2 without any SCSV
+        my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA);
+        $message->ciphersuite_len(2 * scalar @ciphersuites);
+        $message->ciphersuites(\@ciphersuites);
     } else {
-        $ext = pack "C3",
-            0x02, # Length
-            0x03, 0x02; #TLSv1.1
+        if ($testtype == DOWNGRADE_TO_TLS_1_2) {
+            $ext = pack "C3",
+                0x02, # Length
+                0x03, 0x03; #TLSv1.2
+        } else {
+            $ext = pack "C3",
+                0x02, # Length
+                0x03, 0x02; #TLSv1.1
+        }
+
+        $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
     }
 
-    $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
-
     $message->repack();
 }
 

diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 44952ad0fce7fce88f29a8630d880d3633e17e46..dae6daa696456f34884943332a5bd35fdbfd3867 100644 (file)
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -41,6 +41,7 @@ use constant {
 use constant {
     AL_DESC_CLOSE_NOTIFY => 0,
     AL_DESC_UNEXPECTED_MESSAGE => 10,
+    AL_DESC_ILLEGAL_PARAMETER => 47,
     AL_DESC_NO_RENEGOTIATION => 100
 };
 
@@ -125,6 +126,7 @@ use constant {
 };
 
 use constant {
+    CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
     CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
     CIPHER_ADH_AES_128_SHA => 0x0034,
     CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,