Renegotiation with both renegotiation_info and SCSV at once is allowed
Description of problem:
(from https://tools.ietf.org/html/rfc5746#section-3.5)
3.5. Client Behavior: Secure Renegotiation
- The client MUST include the "renegotiation_info" extension in the
ClientHello, containing the saved client_verify_data.
The SCSV MUST NOT be included.
Version of gnutls used:
How reproducible:
Steps to Reproduce:
On a renegotiation, send both SCSV and renegotiation_info.
tlsfuzzer script for invoking this behaviour: (not merged yet, https://github.com/tomato42/tlsfuzzer/pull/583).
output:
sending both SCSV and renegotiation_info in renegotiated handshake ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7fbe262ce7d0> (child: <tlsfuzzer.expect.ExpectClose object at 0x7fbe262ce810>) with last message being: <tlslite.messages.Message object at 0x7fbe26253b90>
Error while processing
Traceback (most recent call last):
File "scripts/test-legacy-renegotiation.py", line 317, in main
runner.run()
File "/home/asosedki/code/tlsfuzzer/tlsfuzzer/runner.py", line 225, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)
Actual results:
ServerHello
Expected results:
handshake_failure
Edited by t184256
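
The server-side check that would yield the expected result above, as an added Python example; it is not code from this report, GnuTLS or tlsfuzzer. It follows the server rules of RFC 5746 section 3.7 for a renegotiation ClientHello. Assumptions: the function names and the `build_client_hello` sample builder are hypothetical, and the alert name is taken from the report's expected result.

```python
import hmac
import struct

SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV
EXT_RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension type


def parse_client_hello(body):
    """Return (cipher_suites, extensions) parsed from a ClientHello body."""
    pos = 2 + 32                                   # client_version, random
    pos += 1 + body[pos]                           # session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = [s for (s,) in struct.iter_unpack("!H", body[pos:pos + cs_len])]
    pos += cs_len
    pos += 1 + body[pos]                           # compression_methods
    exts = {}
    if pos < len(body):                            # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            exts[ext_type] = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
    return suites, exts


def check_renegotiation_hello(body, saved_client_verify_data):
    """Return the alert to send for a renegotiation ClientHello, or None."""
    suites, exts = parse_client_hello(body)
    if SCSV in suites:               # SCSV MUST NOT appear on renegotiation
        return "handshake_failure"
    ri = exts.get(EXT_RENEGOTIATION_INFO)
    if ri is None or len(ri) < 1 or ri[0] != len(ri) - 1:
        return "handshake_failure"   # extension missing or malformed
    if not hmac.compare_digest(ri[1:], saved_client_verify_data):
        return "handshake_failure"   # wrong renegotiated_connection value
    return None


def build_client_hello(suites, verify_data):
    """Constructed sample input: a minimal TLS 1.2 ClientHello body."""
    ri = bytes([len(verify_data)]) + verify_data
    ext = struct.pack("!HH", EXT_RENEGOTIATION_INFO, len(ri)) + ri
    return (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
```
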