()
| 169 | } |
| 170 | |
| 171 | func (hs *serverHandshakeState) processClientHello() error { |
| 172 | c := hs.c |
| 173 | |
| 174 | hs.hello = new(serverHelloMsg) |
| 175 | hs.hello.vers = c.vers |
| 176 | |
| 177 | foundCompression := false |
| 178 | // We only support null compression, so check that the client offered it. |
| 179 | for _, compression := range hs.clientHello.compressionMethods { |
| 180 | if compression == compressionNone { |
| 181 | foundCompression = true |
| 182 | break |
| 183 | } |
| 184 | } |
| 185 | |
| 186 | if !foundCompression { |
| 187 | c.sendAlert(alertHandshakeFailure) |
| 188 | return errors.New("tls: client does not support uncompressed connections") |
| 189 | } |
| 190 | |
| 191 | hs.hello.random = make([]byte, 32) |
| 192 | serverRandom := hs.hello.random |
| 193 | // Downgrade protection canaries. See RFC 8446, Section 4.1.3. |
| 194 | maxVers := c.config.maxSupportedVersion(roleClient) |
| 195 | if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary { |
| 196 | if c.vers == VersionTLS12 { |
| 197 | copy(serverRandom[24:], downgradeCanaryTLS12) |
| 198 | } else { |
| 199 | copy(serverRandom[24:], downgradeCanaryTLS11) |
| 200 | } |
| 201 | serverRandom = serverRandom[:24] |
| 202 | } |
| 203 | _, err := io.ReadFull(c.config.rand(), serverRandom) |
| 204 | if err != nil { |
| 205 | c.sendAlert(alertInternalError) |
| 206 | return err |
| 207 | } |
| 208 | |
| 209 | if len(hs.clientHello.secureRenegotiation) != 0 { |
| 210 | c.sendAlert(alertHandshakeFailure) |
| 211 | return errors.New("tls: initial handshake had non-empty renegotiation extension") |
| 212 | } |
| 213 | |
| 214 | hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported |
| 215 | hs.hello.compressionMethod = compressionNone |
| 216 | if len(hs.clientHello.serverName) > 0 { |
| 217 | c.serverName = hs.clientHello.serverName |
| 218 | } |
| 219 | |
| 220 | selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols) |
| 221 | if err != nil { |
| 222 | c.sendAlert(alertNoApplicationProtocol) |
| 223 | return err |
| 224 | } |
| 225 | hs.hello.alpnProtocol = selectedProto |
| 226 | c.clientProtocol = selectedProto |
| 227 | |
| 228 | hs.cert, err = c.config.getCertificate(clientHelloInfo(hs.ctx, c, hs.clientHello)) |
no test coverage detected