MCPcopy
hub / github.com/XTLS/REALITY / processServerHello

Method processServerHello

handshake_client.go:882–967  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

880}
881
882func (hs *clientHandshakeState) processServerHello() (bool, error) {
883 c := hs.c
884
885 if err := hs.pickCipherSuite(); err != nil {
886 return false, err
887 }
888
889 if hs.serverHello.compressionMethod != compressionNone {
890 c.sendAlert(alertIllegalParameter)
891 return false, errors.New("tls: server selected unsupported compression format")
892 }
893
894 supportsPointFormat := false
895 offeredNonCompressedFormat := false
896 for _, format := range hs.serverHello.supportedPoints {
897 if format == pointFormatUncompressed {
898 supportsPointFormat = true
899 } else {
900 offeredNonCompressedFormat = true
901 }
902 }
903 if !supportsPointFormat && offeredNonCompressedFormat {
904 return false, errors.New("tls: server offered only incompatible point formats")
905 }
906
907 if c.handshakes == 0 && hs.serverHello.secureRenegotiationSupported {
908 c.secureRenegotiation = true
909 if len(hs.serverHello.secureRenegotiation) != 0 {
910 c.sendAlert(alertHandshakeFailure)
911 return false, errors.New("tls: initial handshake had non-empty renegotiation extension")
912 }
913 }
914
915 if c.handshakes > 0 && c.secureRenegotiation {
916 var expectedSecureRenegotiation [24]byte
917 copy(expectedSecureRenegotiation[:], c.clientFinished[:])
918 copy(expectedSecureRenegotiation[12:], c.serverFinished[:])
919 if !bytes.Equal(hs.serverHello.secureRenegotiation, expectedSecureRenegotiation[:]) {
920 c.sendAlert(alertHandshakeFailure)
921 return false, errors.New("tls: incorrect renegotiation extension contents")
922 }
923 }
924
925 if err := checkALPN(hs.hello.alpnProtocols, hs.serverHello.alpnProtocol, false); err != nil {
926 c.sendAlert(alertUnsupportedExtension)
927 return false, err
928 }
929 c.clientProtocol = hs.serverHello.alpnProtocol
930
931 c.scts = hs.serverHello.scts
932
933 if !hs.serverResumedSession() {
934 return false, nil
935 }
936
937 if hs.session.version != c.vers {
938 c.sendAlert(alertHandshakeFailure)
939 return false, errors.New("tls: server resumed a session with a different version")

Callers 1

handshakeMethod · 0.95

Calls 4

pickCipherSuiteMethod · 0.95
serverResumedSessionMethod · 0.95
checkALPNFunction · 0.85
sendAlertMethod · 0.80

Tested by

no test coverage detected