From d382f1467960d67a6b5eb25447f689a0ccac371e Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 29 Apr 2025 14:33:15 -0400
Subject: [PATCH] crypto/tls: use illegal param alert for bad compression

Previously if the clientHandshakeState for the TLS 1.2 client code
encountered a server helo message that contained a compression method
other than compressionNone, we would emit an unexpected message alert.

Instead, it seems more appropriate to return an illegal parameter alert.
The server hello message _was_ expected, it just contained a bad
parameter option.

Making this change also allows enabling the InvalidCompressionMethod
bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c3
Reviewed-on: https://go-review.googlesource.com/c/go/+/669155
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 src/crypto/tls/bogo_config.json    | 1 -
 src/crypto/tls/handshake_client.go | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json
index 5261a35ca95..7184f56b058 100644
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@@ -65,7 +65,6 @@
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
-        "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
         "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 30f2e2a2a2c..0971afabaca 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -889,7 +889,7 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	}
 
 	if hs.serverHello.compressionMethod != compressionNone {
-		c.sendAlert(alertUnexpectedMessage)
+		c.sendAlert(alertIllegalParameter)
 		return false, errors.New("tls: server selected unsupported compression format")
 	}
 
-- 
GitLab