Fix #160 - Even more strict majorVersion check in SslHandler
This commit is contained in:
parent
ee6a6e6cec
commit
14d5133b22
@ -588,15 +588,15 @@ public class SslHandler extends FrameDecoder
|
|||||||
if (tls) {
|
if (tls) {
|
||||||
// SSLv3 or TLS - Check ProtocolVersion
|
// SSLv3 or TLS - Check ProtocolVersion
|
||||||
int majorVersion = buffer.getUnsignedByte(buffer.readerIndex() + 1);
|
int majorVersion = buffer.getUnsignedByte(buffer.readerIndex() + 1);
|
||||||
if (majorVersion >= 3 && majorVersion < 10) {
|
if (majorVersion == 3) {
|
||||||
// SSLv3 or TLS
|
// SSLv3 or TLS
|
||||||
packetLength = (getShort(buffer, buffer.readerIndex() + 3) & 0xFFFF) + 5;
|
packetLength = (getShort(buffer, buffer.readerIndex() + 3) & 0xFFFF) + 5;
|
||||||
if (packetLength <= 5) {
|
if (packetLength <= 5) {
|
||||||
// Neither SSLv2 or TLSv1 (i.e. SSLv2 or bad data)
|
// Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
|
||||||
tls = false;
|
tls = false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Neither SSLv2 or TLSv1 (i.e. SSLv2 or bad data)
|
// Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
|
||||||
tls = false;
|
tls = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user