src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java

rev 10851 : Implement TLS_FALLBACK_SCSV

*** 340,349 **** --- 340,359 ---- state != HandshakeMessage.ht_hello_request) { fatalSE(Alerts.alert_handshake_failure, "Client initiated renegotiation is not allowed"); } + CipherSuiteList cipherSuites = mesg.getCipherSuites(); + if (cipherSuites.contains(CipherSuite.C_FALLBACK_SCSV) + && mesg.protocolVersion.compareTo(getActiveProtocols().max) < 0) { + // Some clients expect a response with the version they + // requested. + setVersion(mesg.protocolVersion); + fatalSE(Alerts.alert_inappropriate_fallback, + "Client protocol downgrade is not allowed"); + } + // check the server name indication if required ServerNameExtension clientHelloSNIExt = (ServerNameExtension) mesg.extensions.get(ExtensionType.EXT_SERVER_NAME); if (!sniMatchers.isEmpty()) { // we do not reject client without SNI extension
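Review bot: The comment above `setVersion(mesg.protocolVersion)` in the new fallback check presents the call as a client-compatibility workaround, but RFC 7507 section 3 requires it: the inappropriate_fallback alert must be sent at ClientHello.client_version or at the record-layer version the client used. I would reword it to `// RFC 7507 sec. 3: the alert must be sent at the client's requested version.` so the call is not later dropped as cosmetic. `setVersion` also receives a client-supplied version with no check visible in this hunk that the server recognises it. That looks harmless only because `fatalSE` ends the handshake immediately afterwards, so it is worth confirming against `setVersion`, which is outside the hunk. The enclosing method starts and ends outside the hunk.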
*** 356,366 **** // Does the message include security renegotiation indication? boolean renegotiationIndicated = false; // check the TLS_EMPTY_RENEGOTIATION_INFO_SCSV - CipherSuiteList cipherSuites = mesg.getCipherSuites(); if (cipherSuites.contains(CipherSuite.C_SCSV)) { renegotiationIndicated = true; if (isInitialHandshake) { secureRenegotiation = true; } else { --- 366,375 ----