Add backport for tls downgrade fix

See also: https://github.com/refraction-networking/utls/commit/f8892761e2a4d29054264651d3a86fda83bc83f9

Add backport for tls downgrade fix
55c892a0 · shelikhoo · 925bfb39 · 55c892a0
Verified Commit 55c892a0 authored 4 months ago by shelikhoo
--- a/u_conn.go
+++ b/u_conn.go
@@ -589,6 +589,23 @@ func (c *UConn) clientHandshake(ctx context.Context) (err error) {
 		return err
 	}

+	/* BACKPORTED SECURITY FIX:
+	   https://github.com/advisories/GHSA-pmc3-p9hx-jq96
+	   https://github.com/refraction-networking/utls/commit/f8892761e2a4d29054264651d3a86fda83bc83f9
+	*/
+
+	// If we are negotiating a protocol version that's lower than what we
+	// support, check for the server downgrade canaries.
+	// See RFC 8446, Section 4.1.3.
+	maxVers := c.config.maxSupportedVersion(roleClient)
+	tls12Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS12
+	tls11Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS11
+	if maxVers == VersionTLS13 && c.vers <= VersionTLS12 && (tls12Downgrade || tls11Downgrade) ||
+		maxVers == VersionTLS12 && c.vers <= VersionTLS11 && tls11Downgrade {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: downgrade attempt detected, possibly due to a MitM attack or a broken middlebox")
+	}
+
 	// uTLS: do not create new handshakeState, use existing one
 	if c.vers == VersionTLS13 {
 		hs13 := c.HandshakeState.toPrivate13()