Allow a TLS1.1+ client (like recent Google Chrome, 1.2) to fallback to TLS1.0 when...

diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs
index e328e2acae3cb9e98b866e5445652457fde4e617..8a54ba785c4b476f57bd26090903025840ae57c1 100644 (file)
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs
@@ -106,7 +106,10 @@ namespace Mono.Security.Protocol.Tls.Handshake.Server
 
                private void processProtocol(short protocol)
                {
-                       SecurityProtocolType clientProtocol = this.Context.DecodeProtocolCode(protocol);
+                       // a server MUST reply with the hight version supported (`true` for fallback)
+                       // so a TLS 1.2 client (like Google Chrome) will be returned that the server uses TLS 1.0
+                       // instead of an alert about the protocol
+                       SecurityProtocolType clientProtocol = Context.DecodeProtocolCode (protocol, true);
 
                        if ((clientProtocol & this.Context.SecurityProtocolFlags) == clientProtocol ||
                                (this.Context.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)

diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
index 792a9970a1774369fcd68897cbe3a3a17fb05aa0..340913fa04096e0c7af521e3e4a7aa26eb73046a 100644 (file)
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
@@ -405,7 +405,7 @@ namespace Mono.Security.Protocol.Tls
                        }
                }
 
-               public SecurityProtocolType DecodeProtocolCode(short code)
+               public SecurityProtocolType DecodeProtocolCode (short code, bool allowFallback = false)
                {
                        switch (code)
                        {
@@ -416,6 +416,10 @@ namespace Mono.Security.Protocol.Tls
                                        return SecurityProtocolType.Ssl3;
 
                                default:
+                                       // if allowed we'll continue using TLS (1.0) even if the other side is capable of using a newer
+                                       // version of the TLS protocol
+                                       if (allowFallback && (code > (short) Context.TLS1_PROTOCOL_CODE))
+                                               return SecurityProtocolType.Tls;
                                        throw new NotSupportedException("Unsupported security protocol type");
                        }
                }