--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java Fri May 25 14:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java Sat May 26 15:15:27 2018 -0700
@@ -344,12 +344,11 @@
}
// Generate the ServerHello handshake message.
- // TODO: not yet consider downgrade protection.
ServerHelloMessage shm = new ServerHelloMessage(shc,
shc.negotiatedProtocol,
shc.handshakeSession.getSessionId(),
shc.negotiatedCipherSuite,
- new RandomCookie(shc.sslContext.getSecureRandom()),
+ new RandomCookie(shc),
clientHello);
shc.serverHelloRandom = shm.serverRandom;
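Review bot: The switch from `new RandomCookie(shc.sslContext.getSecureRandom())` to `new RandomCookie(shc)` replaces the removed TODO about downgrade protection, but nothing at the call site says why the server random now needs the whole handshake context, and the RandomCookie constructor is outside this file so the reader cannot check what it does with it. Presumably the context lets the constructor place the RFC 8446 §4.1.3 downgrade sentinel in the last eight bytes of the random when the negotiated version is below the server's maximum supported version; if so, a one-line comment on the argument would make that contract explicit, e.g. `// RandomCookie(shc) may set the downgrade sentinel (RFC 8446 4.1.3) when negotiating below the maximum supported version`. It would also help to state that the choice must be driven by shc.negotiatedProtocol versus the server's maximum active protocol, not the statically enabled protocol list, since a sentinel emitted when the server could not actually have negotiated higher would cause spurious ILLEGAL_PARAMETER failures at conforming clients. The enclosing producer method starts before this hunk.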
@@ -557,12 +556,12 @@
shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
SSLHandshake.FINISHED);
- // TODO: not yet consider downgrade protection.
+ // Generate the ServerHello handshake message.
ServerHelloMessage shm = new ServerHelloMessage(shc,
ProtocolVersion.TLS12, // use legacy version
clientHello.sessionId, // echo back
shc.negotiatedCipherSuite,
- new RandomCookie(shc.sslContext.getSecureRandom()),
+ new RandomCookie(shc),
clientHello);
shc.serverHelloRandom = shm.serverRandom;
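Review bot: This is the TLS 1.3 ServerHello path (the wire version is hard-coded to `ProtocolVersion.TLS12` as legacy_version), and `new RandomCookie(shc)` is now passed the context that presumably decides whether to embed a downgrade sentinel; it is worth documenting that the decision must key off the negotiated protocol (TLS 1.3), not the legacy_version written on the wire, otherwise the sentinel could be emitted in a genuine TLS 1.3 ServerHello. The constructor is not visible in this diff, so this cannot be confirmed here; a comment such as `// negotiated protocol (not the TLS12 legacy_version) governs the downgrade sentinel` next to the RandomCookie argument would record the intent for the next maintainer. The enclosing method starts before this hunk.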
@@ -959,6 +958,11 @@
"Negotiated protocol version: " + serverVersion.name);
}
+ if (serverHello.serverRandom.isVersionDowngrade(chc)) {
+ chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+ "A potential protocol versoin downgrade attack");
+ }
+
// Consume the handshake message for the specific protocol version.
if (serverVersion.isDTLS) {
if (serverVersion.useTLS13PlusSpec()) {
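Review bot: The fatal alert message on the new downgrade check has a typo, "versoin"; since this string ends up in the SSLHandshakeException and the ssl,handshake log, it should read `"A potential protocol version downgrade attack"`. The check itself is placed correctly, after the version is fixed and before protocol-specific consumption, and ILLEGAL_PARAMETER is the alert RFC 8446 §4.1.3 prescribes; note that `isVersionDowngrade(chc)` lives in RandomCookie outside this file, so whether it compares against the client's maximum active protocol (rather than simply looking for the sentinel) cannot be verified from this hunk and should be confirmed. The enclosing consumer method continues beyond this hunk.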