1 /*
2 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
262 }
263 }
264 }
265
266
267 /*
268 * ClientHello presents the server with a bunch of options, to which the
269 * server replies with a ServerHello listing the ones which this session
270 * will use. If needed, it also writes its Certificate plus in some cases
271 * a ServerKeyExchange message. It may also write a CertificateRequest,
272 * to elicit a client certificate.
273 *
274 * All these messages are terminated by a ServerHelloDone message. In
275 * most cases, all this can be sent in a single Record.
276 */
277 private void clientHello(ClientHello mesg) throws IOException {
278 if (debug != null && Debug.isOn("handshake")) {
279 mesg.print(System.out);
280 }
281
282 // check the server name indication if required
283 ServerNameExtension clientHelloSNIExt = (ServerNameExtension)
284 mesg.extensions.get(ExtensionType.EXT_SERVER_NAME);
285 if (!sniMatchers.isEmpty()) {
286 // we do not reject client without SNI extension
287 if (clientHelloSNIExt != null &&
288 !clientHelloSNIExt.isMatched(sniMatchers)) {
289 fatalSE(Alerts.alert_unrecognized_name,
290 "Unrecognized server name indication");
291 }
292 }
293
294 // Does the message include security renegotiation indication?
295 boolean renegotiationIndicated = false;
296
297 // check the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
298 CipherSuiteList cipherSuites = mesg.getCipherSuites();
299 if (cipherSuites.contains(CipherSuite.C_SCSV)) {
300 renegotiationIndicated = true;
301 if (isInitialHandshake) {
352 }
353
354 // if there is no security renegotiation indication or the previous
355 // handshake is insecure.
356 if (!renegotiationIndicated || !secureRenegotiation) {
357 if (isInitialHandshake) {
358 if (!allowLegacyHelloMessages) {
359 // abort the handshake with a fatal handshake_failure alert
360 fatalSE(Alerts.alert_handshake_failure,
361 "Failed to negotiate the use of secure renegotiation");
362 }
363
364 // continue with legacy ClientHello
365 if (debug != null && Debug.isOn("handshake")) {
366 System.out.println("Warning: No renegotiation " +
367 "indication in ClientHello, allow legacy ClientHello");
368 }
369 } else if (!allowUnsafeRenegotiation) {
370 // abort the handshake
371 if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
372 // response with a no_renegotiation warning,
373 warningSE(Alerts.alert_no_renegotiation);
374
375 // invalidate the handshake so that the caller can
376 // dispose this object.
377 invalidated = true;
378
379 // If there is still unread block in the handshake
380 // input stream, it would be truncated with the disposal
381 // and the next handshake message will become incomplete.
382 //
383 // However, according to SSL/TLS specifications, no more
384 // handshake message could immediately follow ClientHello
385 // or HelloRequest. But in case of any improper messages,
386 // we'd better check to ensure there is no remaining bytes
387 // in the handshake input stream.
388 if (input.available() > 0) {
389 fatalSE(Alerts.alert_unexpected_message,
390 "ClientHello followed by an unexpected " +
391 "handshake message");
392 }
|
1 /*
2 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
262 }
263 }
264 }
265
266
267 /*
268 * ClientHello presents the server with a bunch of options, to which the
269 * server replies with a ServerHello listing the ones which this session
270 * will use. If needed, it also writes its Certificate plus in some cases
271 * a ServerKeyExchange message. It may also write a CertificateRequest,
272 * to elicit a client certificate.
273 *
274 * All these messages are terminated by a ServerHelloDone message. In
275 * most cases, all this can be sent in a single Record.
276 */
277 private void clientHello(ClientHello mesg) throws IOException {
278 if (debug != null && Debug.isOn("handshake")) {
279 mesg.print(System.out);
280 }
281
282 // reject client initialized renegotiation?
283 if (rejectClientInitializedRenego && !isInitialHandshake &&
284 state != HandshakeMessage.ht_hello_request) {
285 fatalSE(Alerts.alert_handshake_failure,
286 "Client initialized renegotiation is not allowed");
287 }
288
289 // check the server name indication if required
290 ServerNameExtension clientHelloSNIExt = (ServerNameExtension)
291 mesg.extensions.get(ExtensionType.EXT_SERVER_NAME);
292 if (!sniMatchers.isEmpty()) {
293 // we do not reject client without SNI extension
294 if (clientHelloSNIExt != null &&
295 !clientHelloSNIExt.isMatched(sniMatchers)) {
296 fatalSE(Alerts.alert_unrecognized_name,
297 "Unrecognized server name indication");
298 }
299 }
300
301 // Does the message include security renegotiation indication?
302 boolean renegotiationIndicated = false;
303
304 // check the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
305 CipherSuiteList cipherSuites = mesg.getCipherSuites();
306 if (cipherSuites.contains(CipherSuite.C_SCSV)) {
307 renegotiationIndicated = true;
308 if (isInitialHandshake) {
359 }
360
361 // if there is no security renegotiation indication or the previous
362 // handshake is insecure.
363 if (!renegotiationIndicated || !secureRenegotiation) {
364 if (isInitialHandshake) {
365 if (!allowLegacyHelloMessages) {
366 // abort the handshake with a fatal handshake_failure alert
367 fatalSE(Alerts.alert_handshake_failure,
368 "Failed to negotiate the use of secure renegotiation");
369 }
370
371 // continue with legacy ClientHello
372 if (debug != null && Debug.isOn("handshake")) {
373 System.out.println("Warning: No renegotiation " +
374 "indication in ClientHello, allow legacy ClientHello");
375 }
376 } else if (!allowUnsafeRenegotiation) {
377 // abort the handshake
378 if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
379 // response with a no_renegotiation warning
380 warningSE(Alerts.alert_no_renegotiation);
381
382 // invalidate the handshake so that the caller can
383 // dispose this object.
384 invalidated = true;
385
386 // If there is still unread block in the handshake
387 // input stream, it would be truncated with the disposal
388 // and the next handshake message will become incomplete.
389 //
390 // However, according to SSL/TLS specifications, no more
391 // handshake message could immediately follow ClientHello
392 // or HelloRequest. But in case of any improper messages,
393 // we'd better check to ensure there is no remaining bytes
394 // in the handshake input stream.
395 if (input.available() > 0) {
396 fatalSE(Alerts.alert_unexpected_message,
397 "ClientHello followed by an unexpected " +
398 "handshake message");
399 }
|