private void processProtocol(short protocol)
{
- SecurityProtocolType clientProtocol = this.Context.DecodeProtocolCode(protocol);
+ // a server MUST reply with the hight version supported (`true` for fallback)
+ // so a TLS 1.2 client (like Google Chrome) will be returned that the server uses TLS 1.0
+ // instead of an alert about the protocol
+ SecurityProtocolType clientProtocol = Context.DecodeProtocolCode (protocol, true);
if ((clientProtocol & this.Context.SecurityProtocolFlags) == clientProtocol ||
(this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
}
}
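Review bot: Once `DecodeProtocolCode (protocol, true)` maps any higher client_version to `Tls`, the value the client actually offered is no longer visible in `clientProtocol`, and nothing in the shown lines keeps the raw `protocol`. TLS (RFC 5246 §7.4.7.1) puts the ClientHello version, not the negotiated one, inside the RSA pre-master secret so the server can detect a version rollback. That check needs the original value stored separately from the negotiated protocol. The body of the `if` is not shown here, so whether the context already records it cannot be confirmed from this hunk. The new comment also has a typo ("hight") and would read more clearly as `// a server MUST reply with the highest version it supports; pass true to allow that fallback`.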
- public SecurityProtocolType DecodeProtocolCode(short code)
+ public SecurityProtocolType DecodeProtocolCode (short code, bool allowFallback = false)
{
switch (code)
{
return SecurityProtocolType.Ssl3;
default:
+ // if allowed we'll continue using TLS (1.0) even if the other side is capable of using a newer
+ // version of the TLS protocol
+ if (allowFallback && (code > (short) Context.TLS1_PROTOCOL_CODE))
+ return SecurityProtocolType.Tls;
throw new NotSupportedException("Unsupported security protocol type");
}
}
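Review bot: The fallback test `code > (short) Context.TLS1_PROTOCOL_CODE` is a signed comparison with no upper bound. Every positive value above the TLS 1.0 code is accepted as `Tls`, while codes with the high bit set are negative as a `short` and still reach the `NotSupportedException`. Negotiating down is right for a server reading a ClientHello, but it would be wrong for a client decoding a ServerHello, where a version above the one it offered has to be rejected. The `false` default only protects that path as long as no client-side caller passes `true`. Because the method is public, I would say so on the method itself, for example `/// <param name="allowFallback">Server side only: map a ClientHello version above TLS 1.0 to Tls instead of throwing.</param>`. The case labels of the `switch` are outside the visible lines.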