diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-06-10 18:40:12 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-06-10 18:40:12 +0700 |
commit | 06be229c35c4e6161f570fcdb48cd758f4e0a587 (patch) | |
tree | 8682a762c8fa017a827eed07dffe2b6fc2517260 /crypto/src/crypto/tls/TlsECDHKeyExchange.cs | |
parent | Checks on DH peer public key (diff) | |
download | BouncyCastle.NET-ed25519-06be229c35c4e6161f570fcdb48cd758f4e0a587.tar.xz |
Alert when anonymous server sends CertificateRequest
Diffstat (limited to '')
-rw-r--r-- | crypto/src/crypto/tls/TlsECDHKeyExchange.cs | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/TlsECDHKeyExchange.cs b/crypto/src/crypto/tls/TlsECDHKeyExchange.cs index 03c162904..c508fb993 100644 --- a/crypto/src/crypto/tls/TlsECDHKeyExchange.cs +++ b/crypto/src/crypto/tls/TlsECDHKeyExchange.cs @@ -153,6 +153,9 @@ namespace Org.BouncyCastle.Crypto.Tls public override void ValidateCertificateRequest(CertificateRequest certificateRequest) { + if (mKeyExchange == KeyExchangeAlgorithm.ECDH_anon) + throw new TlsFatalAlert(AlertDescription.handshake_failure); + /* * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable with * ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is prohibited because |