tlslite/patches/fallback_scsv.patch

diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
index d2270a9..e6ce187 100644
--- a/third_party/tlslite/tlslite/TLSConnection.py
+++ b/third_party/tlslite/tlslite/TLSConnection.py
@@ -937,7 +937,8 @@ class TLSConnection(TLSRecordLayer):
                         certChain=None, privateKey=None, reqCert=False,
                         sessionCache=None, settings=None, checker=None,
                         reqCAs=None, tlsIntolerant=0,
-                        signedCertTimestamps=None):
+                        signedCertTimestamps=None,
+                        fallbackSCSV=False):
         """Perform a handshake in the role of server.

         This function performs an SSL or TLS handshake.  Depending on
@@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer):
         binary 8-bit string) that will be sent as a TLS extension whenever
         the client announces support for the extension.

+        @type tlsIntolerant: int
+        @param tlsIntolerant: if non-zero, the server will simulate TLS
+        version intolerance by returning a fatal, handshake_failure alert.
+        The versions to which it's intolerant vary depending on the value:
+        1: reject all TLS versions.
+        2: reject TLS 1.1 or higher.
+        3: reject TLS 1.2 or higher.
+
+        @type fallbackSCSV: bool
+        @param fallbackSCSV: if true, the server will implement
+        TLS_FALLBACK_SCSV and thus reject connections using less than the
+        server's maximum TLS version that include this cipher suite.
+
         @raise socket.error: If a socket error occurs.
         @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
         without a preceding alert.
@@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer):
         """
         for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
                 certChain, privateKey, reqCert, sessionCache, settings,
-                checker, reqCAs, tlsIntolerant, signedCertTimestamps):
+                checker, reqCAs, tlsIntolerant, signedCertTimestamps,
+                fallbackSCSV):
             pass


@@ -1030,7 +1032,8 @@ class TLSConnection(TLSRecordLayer):
                              certChain=None, privateKey=None, reqCert=False,
                              sessionCache=None, settings=None, checker=None,
                              reqCAs=None, tlsIntolerant=0,
-                             signedCertTimestamps=None):
+                             signedCertTimestamps=None,
+                             fallbackSCSV=False):
         """Start a server handshake operation on the TLS connection.

         This function returns a generator which behaves similarly to
@@ -1049,7 +1052,8 @@ class TLSConnection(TLSRecordLayer):
             sessionCache=sessionCache, settings=settings,
             reqCAs=reqCAs,
             tlsIntolerant=tlsIntolerant,
-            signedCertTimestamps=signedCertTimestamps)
+            signedCertTimestamps=signedCertTimestamps,
+            fallbackSCSV=fallbackSCSV)
         for result in self._handshakeWrapperAsync(handshaker, checker):
             yield result

@@ -1057,7 +1061,8 @@ class TLSConnection(TLSRecordLayer):
     def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
                                     certChain, privateKey, reqCert,
                                     sessionCache, settings, reqCAs,
-                                    tlsIntolerant, signedCertTimestamps):
+                                    tlsIntolerant, signedCertTimestamps,
+                                    fallbackSCSV):

         self._handshakeStart(client=False)

@@ -1141,12 +1146,18 @@ class TLSConnection(TLSRecordLayer):
                 yield result

         #If client's version is too high, propose my highest version
-        elif clientHello.client_version > settings.maxVersion:
+        if clientHello.client_version > settings.maxVersion:
             self.version = settings.maxVersion
-
         else:
             #Set the version to the client's version
             self.version = clientHello.client_version
+            if (fallbackSCSV and
+                clientHello.client_version < settings.maxVersion):
+                for cipherSuite in clientHello.cipher_suites:
+                    if cipherSuite == 0x5600:
+                        for result in self._sendError(\
+                                AlertDescription.inappropriate_fallback):
+                            yield result

         #Get the client nonce; create server nonce
         clientRandom = clientHello.random
diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
index b5a345a..23e3dcb 100644
--- a/third_party/tlslite/tlslite/constants.py
+++ b/third_party/tlslite/tlslite/constants.py
@@ -91,6 +91,7 @@ class AlertDescription:
     protocol_version = 70
     insufficient_security = 71
     internal_error = 80
+    inappropriate_fallback = 86
     user_canceled = 90
     no_renegotiation = 100
     unknown_srp_username = 120
diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite/errors.py
index c7f7ba8..45087e6 100644
--- a/third_party/tlslite/tlslite/errors.py
+++ b/third_party/tlslite/tlslite/errors.py
@@ -48,6 +48,7 @@ class TLSAlert(TLSError):
         AlertDescription.protocol_version: "protocol_version",\
         AlertDescription.insufficient_security: "insufficient_security",\
         AlertDescription.internal_error: "internal_error",\
+        AlertDescription.inappropriate_fallback: "inappropriate_fallback",\
         AlertDescription.user_canceled: "user_canceled",\
         AlertDescription.no_renegotiation: "no_renegotiation",\
         AlertDescription.unknown_srp_username: "unknown_srp_username",\