src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java

rev 10851 : Implement TLS_FALLBACK_SCSV

@@ -340,10 +340,20 @@
                 state != HandshakeMessage.ht_hello_request) {
             fatalSE(Alerts.alert_handshake_failure,
                 "Client initiated renegotiation is not allowed");
         }
 
+        CipherSuiteList cipherSuites = mesg.getCipherSuites();
+        if (cipherSuites.contains(CipherSuite.C_FALLBACK_SCSV)
+            && mesg.protocolVersion.compareTo(getActiveProtocols().max) < 0) {
+            // Some clients expect a response with the version they
+            // requested.
+            setVersion(mesg.protocolVersion);
+            fatalSE(Alerts.alert_inappropriate_fallback,
+                    "Client protocol downgrade is not allowed");
+        }
+
         // check the server name indication if required
         ServerNameExtension clientHelloSNIExt = (ServerNameExtension)
                     mesg.extensions.get(ExtensionType.EXT_SERVER_NAME);
         if (!sniMatchers.isEmpty()) {
             // we do not reject client without SNI extension
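Review bot: The `setVersion(mesg.protocolVersion)` call in the new fallback block applies a client-supplied version before anything visible in this hunk checks that it is one of the active protocols, so the alert may be written under a version the server has disabled. That is presumably harmless because `fatalSE` ends the handshake, but the two-line comment does not say so and does not name the rule being enforced. I would replace it with something like `// RFC 7507: refuse a fallback retry when we support a higher version; the version is set only so the client can read the alert record.` It is also worth confirming, outside this hunk, that `C_FALLBACK_SCSV` can never be chosen as the negotiated suite, in the same way `C_SCSV` is treated as a signalling value only. The enclosing method starts and ends outside the hunk.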

@@ -356,11 +366,10 @@
 
         // Does the message include security renegotiation indication?
         boolean renegotiationIndicated = false;
 
         // check the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-        CipherSuiteList cipherSuites = mesg.getCipherSuites();
         if (cipherSuites.contains(CipherSuite.C_SCSV)) {
             renegotiationIndicated = true;
             if (isInitialHandshake) {
                 secureRenegotiation = true;
             } else {