342 shc.handshakeHash.determine( |
342 shc.handshakeHash.determine( |
343 shc.negotiatedProtocol, shc.negotiatedCipherSuite); |
343 shc.negotiatedProtocol, shc.negotiatedCipherSuite); |
344 } |
344 } |
345 |
345 |
346 // Generate the ServerHello handshake message. |
346 // Generate the ServerHello handshake message. |
347 // TODO: not yet consider downgrade protection. |
|
348 ServerHelloMessage shm = new ServerHelloMessage(shc, |
347 ServerHelloMessage shm = new ServerHelloMessage(shc, |
349 shc.negotiatedProtocol, |
348 shc.negotiatedProtocol, |
350 shc.handshakeSession.getSessionId(), |
349 shc.handshakeSession.getSessionId(), |
351 shc.negotiatedCipherSuite, |
350 shc.negotiatedCipherSuite, |
352 new RandomCookie(shc.sslContext.getSecureRandom()), |
351 new RandomCookie(shc), |
353 clientHello); |
352 clientHello); |
354 shc.serverHelloRandom = shm.serverRandom; |
353 shc.serverHelloRandom = shm.serverRandom; |
355 |
354 |
356 // Produce extensions for ServerHello handshake message. |
355 // Produce extensions for ServerHello handshake message. |
357 SSLExtension[] serverHelloExtensions = |
356 SSLExtension[] serverHelloExtensions = |
555 shc.handshakeProducers.put(SSLHandshake.ENCRYPTED_EXTENSIONS.id, |
554 shc.handshakeProducers.put(SSLHandshake.ENCRYPTED_EXTENSIONS.id, |
556 SSLHandshake.ENCRYPTED_EXTENSIONS); |
555 SSLHandshake.ENCRYPTED_EXTENSIONS); |
557 shc.handshakeProducers.put(SSLHandshake.FINISHED.id, |
556 shc.handshakeProducers.put(SSLHandshake.FINISHED.id, |
558 SSLHandshake.FINISHED); |
557 SSLHandshake.FINISHED); |
559 |
558 |
560 // TODO: not yet consider downgrade protection. |
559 // Generate the ServerHello handshake message. |
561 ServerHelloMessage shm = new ServerHelloMessage(shc, |
560 ServerHelloMessage shm = new ServerHelloMessage(shc, |
562 ProtocolVersion.TLS12, // use legacy version |
561 ProtocolVersion.TLS12, // use legacy version |
563 clientHello.sessionId, // echo back |
562 clientHello.sessionId, // echo back |
564 shc.negotiatedCipherSuite, |
563 shc.negotiatedCipherSuite, |
565 new RandomCookie(shc.sslContext.getSecureRandom()), |
564 new RandomCookie(shc), |
566 clientHello); |
565 clientHello); |
567 shc.serverHelloRandom = shm.serverRandom; |
566 shc.serverHelloRandom = shm.serverRandom; |
568 |
567 |
569 // Produce extensions for ServerHello handshake message. |
568 // Produce extensions for ServerHello handshake message. |
570 SSLExtension[] serverHelloExtensions = |
569 SSLExtension[] serverHelloExtensions = |
957 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
956 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
958 SSLLogger.fine( |
957 SSLLogger.fine( |
959 "Negotiated protocol version: " + serverVersion.name); |
958 "Negotiated protocol version: " + serverVersion.name); |
960 } |
959 } |
961 |
960 |
|
961 if (serverHello.serverRandom.isVersionDowngrade(chc)) { |
|
962 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
|
963 "A potential protocol versoin downgrade attack"); |
|
964 } |
|
965 |
962 // Consume the handshake message for the specific protocol version. |
966 // Consume the handshake message for the specific protocol version. |
963 if (serverVersion.isDTLS) { |
967 if (serverVersion.isDTLS) { |
964 if (serverVersion.useTLS13PlusSpec()) { |
968 if (serverVersion.useTLS13PlusSpec()) { |
965 d13HandshakeConsumer.consume(chc, serverHello); |
969 d13HandshakeConsumer.consume(chc, serverHello); |
966 } else { |
970 } else { |
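Review bot: The alert text added at new line 963 is misspelled: `"A potential protocol versoin downgrade attack"` should read `"A potential protocol version downgrade attack"`. This message presumably ends up in the thrown exception and the debug log, so anyone searching for "version downgrade" while triaging a failed handshake would miss it. The new guard at 961 also carries no comment saying what it enforces; something like `// RFC 8446 4.1.3: reject a ServerHello whose random carries a downgrade sentinel` would help, assuming that is what `isVersionDowngrade(chc)` checks, since its body is not shown in this section. The same gap exists on the producer side at new lines 351 and 564, where the TODO is dropped and `new RandomCookie(shc)` gives no hint that the cookie now depends on the handshake context. The enclosing consumer method starts and ends outside the hunk.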