add supported versions RFC exception for legacy client hello version

goatgoose · Oct 16, 2023 · 08d3d78 · 08d3d78
1 parent 4026318
commit 08d3d78
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/tls/extensions/s2n_client_supported_versions.c b/tls/extensions/s2n_client_supported_versions.c
@@ -139,6 +139,19 @@ static S2N_RESULT s2n_client_supported_versions_recv_impl(struct s2n_connection
 
 static int s2n_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
+    /* For backwards compatibility, the supported versions extension is not used for protocol
+     * version selection if the server doesn't support TLS 1.3. This ensures that TLS 1.2 servers
+     * experience no behavior change due to processing the TLS 1.3 extension. See
+     * https://github.com/aws/s2n-tls/issues/4240.
+     *
+     *= https://www.rfc-editor.org/rfc/rfc8446#section-4.2.1
+     *= type=exception
+     *= reason=The client hello legacy version is used for version selection on TLS 1.2 servers for backwards compatibility
+     *# If this extension is present in the ClientHello, servers MUST NOT use
+     *# the ClientHello.legacy_version value for version negotiation and MUST
+     *# use only the "supported_versions" extension to determine client
+     *# preferences.
+     */
     if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
         return S2N_SUCCESS;
     }