| 214 | } |
| 215 | |
| 216 | func (hs *serverHandshakeState) processClientHello() error { |
| 217 | c := hs.c |
| 218 | |
| 219 | hs.hello = new(serverHelloMsg) |
| 220 | hs.hello.vers = c.vers |
| 221 | |
| 222 | foundCompression := false |
| 223 | // We only support null compression, so check that the client offered it. |
| 224 | for _, compression := range hs.clientHello.compressionMethods { |
| 225 | if compression == compressionNone { |
| 226 | foundCompression = true |
| 227 | break |
| 228 | } |
| 229 | } |
| 230 | |
| 231 | if !foundCompression { |
| 232 | c.sendAlert(alertIllegalParameter) |
| 233 | return errors.New("tls: client does not support uncompressed connections") |
| 234 | } |
| 235 | |
| 236 | hs.hello.random = make([]byte, 32) |
| 237 | serverRandom := hs.hello.random |
| 238 | // Downgrade protection canaries. See RFC 8446, Section 4.1.3. |
| 239 | maxVers := c.config.maxSupportedVersion(roleServer) |
| 240 | if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary { |
| 241 | if c.vers == VersionTLS12 { |
| 242 | copy(serverRandom[24:], downgradeCanaryTLS12) |
| 243 | } else { |
| 244 | copy(serverRandom[24:], downgradeCanaryTLS11) |
| 245 | } |
| 246 | serverRandom = serverRandom[:24] |
| 247 | } |
| 248 | _, err := io.ReadFull(c.config.rand(), serverRandom) |
| 249 | if err != nil { |
| 250 | c.sendAlert(alertInternalError) |
| 251 | return err |
| 252 | } |
| 253 | |
| 254 | if len(hs.clientHello.secureRenegotiation) != 0 { |
| 255 | c.sendAlert(alertHandshakeFailure) |
| 256 | return errors.New("tls: initial handshake had non-empty renegotiation extension") |
| 257 | } |
| 258 | |
| 259 | hs.hello.extendedMasterSecret = hs.clientHello.extendedMasterSecret |
| 260 | hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported |
| 261 | hs.hello.compressionMethod = compressionNone |
| 262 | if len(hs.clientHello.serverName) > 0 { |
| 263 | c.serverName = hs.clientHello.serverName |
| 264 | } |
| 265 | |
| 266 | selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, false) |
| 267 | if err != nil { |
| 268 | c.sendAlert(alertNoApplicationProtocol) |
| 269 | return err |
| 270 | } |
| 271 | hs.hello.alpnProtocol = selectedProto |
| 272 | c.clientProtocol = selectedProto |
| 273 |