relax signature algorithms extension in client hello

OpenSSL, even if -tls1 or -tls1_1 are provided, adds such an extension in the Client Hello from RFC5246: Clients MUST NOT offer it if they are offering prior versions. However, even if clients do offer it, the rules specified in [TLSEXT] require servers to ignore extensions they do not understand.
mirleft · Feb 13, 2023 · 8570a0d · 8570a0d
1 parent 4b14806
commit 8570a0d
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 7 deletions.
diff --git a/lib/engine.mli b/lib/engine.mli
@@ -67,7 +67,6 @@ type client_hello_errors = [
   | `NotSetCiphersuites of Packet.any_ciphersuite list
   | `NoSupportedCiphersuite of Packet.any_ciphersuite list
   | `NotSetExtension of Core.client_extension list
-  | `HasSignatureAlgorithmsExtension
   | `NoSignatureAlgorithmsExtension
   | `NoGoodSignatureAlgorithms of Core.signature_algorithm list
   | `NoKeyShareExtension

diff --git a/lib/handshake_common.ml b/lib/handshake_common.ml
@@ -303,11 +303,7 @@ let client_hello_valid version (ch : client_hello) =
               | _, _, false -> Error (`NotSubsetKeyShareSupportedGroup (gs, ks)) )
         | Some x -> Error (`NoGoodSignatureAlgorithms x)
       )
-    | `SSL_3 | `TLS_1_0 | `TLS_1_1 ->
-      Option.fold
-        ~none:(Error `HasSignatureAlgorithmsExtension)
-        ~some:(fun _ -> Ok ())
-        sig_alg
+    | `SSL_3 | `TLS_1_0 | `TLS_1_1 -> Ok ()
   in
 
   let share_ciphers =

diff --git a/lib/state.ml b/lib/state.ml
@@ -237,7 +237,6 @@ type client_hello_errors = [
   | `NotSetCiphersuites of Packet.any_ciphersuite list
   | `NoSupportedCiphersuite of Packet.any_ciphersuite list
   | `NotSetExtension of client_extension list
-  | `HasSignatureAlgorithmsExtension
   | `NoSignatureAlgorithmsExtension
   | `NoGoodSignatureAlgorithms of signature_algorithm list
   | `NoKeyShareExtension