From e1c41da56e9b2713e9e0c414b50ba3d5810c5085 Mon Sep 17 00:00:00 2001
From: Masatoshi Kimura <VYV03354@nifty.ne.jp>
Date: Fri, 12 Feb 2016 07:36:37 +0900
Subject: [PATCH] Bug 1247250 - Enable TLS 1.3 draft 11 anti-downgrade on
 non-secure fallback. r=keeler

---
 config/external/nss/nss.symbols       |  1 +
 security/manager/ssl/nsNSSIOLayer.cpp | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/config/external/nss/nss.symbols b/config/external/nss/nss.symbols
index 850765ccd4b..191fa017554 100644
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -673,6 +673,7 @@ SSL_PeerCertificateChain
 SSL_PeerStapledOCSPResponses
 SSL_ResetHandshake
 SSL_SetCanFalseStartCallback
+SSL_SetDowngradeCheckVersion
 SSL_SetNextProtoNego
 SSL_SetPKCS11PinArg
 SSL_SetSockPeerID
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index 48d8f704233..e890f18a1e2 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -1078,7 +1078,10 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
                                  nsIWebProgressListener::STATE_USES_SSL_3);
   }
 
-  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT) {
+  // NSS will return SSL_ERROR_RX_MALFORMED_SERVER_HELLO if TLS 1.3
+  // anti-downgrade detected the downgrade.
+  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT ||
+      err == SSL_ERROR_RX_MALFORMED_SERVER_HELLO) {
     // This is a clear signal that we've fallen back too many versions.  Treat
     // this as a hard failure, but forget any intolerance so that later attempts
     // don't use this version (i.e., range.max) and trigger the error again.
@@ -2555,6 +2558,11 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
     if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, true)) {
       return NS_ERROR_FAILURE;
     }
+    // tell NSS to enable the max enabled version to make TLS 1.3
+    // anti-downgrade effective
+    if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
+      return NS_ERROR_FAILURE;
+    }
   }
 
   bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();