in src/messages.js [257:282]
/**
 * Parse a ServerHello body from `buf` and build an instance of this class.
 *
 * Fields are consumed strictly in wire order. Every fixed-value field is
 * rejected as soon as it deviates from the single configuration this client
 * offers (TLS 1.3, TLS_AES_128_GCM_SHA256, no compression).
 *
 * @param buf - reader positioned at the start of the ServerHello body.
 * @returns a new instance built from (random, sessionId, extensions).
 * @throws {TLSError} ILLEGAL_PARAMETER when legacy_version, the cipher suite,
 *   legacy_compression_method or the selected version is not the expected
 *   value; MISSING_EXTENSION when supported_versions is absent.
 */
static _read(buf) {
  // legacy_version is a fixed value.
  const legacyVersion = buf.readUint16();
  if (legacyVersion !== VERSION_TLS_1_2) {
    throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
  }

  // 32 bytes of server randomness, returned to the caller uninspected.
  // NOTE(review): no special-value check on `random` happens in this
  // function; confirm the caller handles any values it must treat specially.
  const random = buf.readBytes(32);

  // legacy_session_id is expected to echo the vector we sent.
  // NOTE(review): the echo is only read here, not compared; presumably the
  // caller verifies it against the value it offered. Confirm.
  const sessionId = buf.readVectorBytes8();

  // Only one cipher suite is offered, so the server must have picked it.
  const cipherSuite = buf.readUint16();
  if (cipherSuite !== TLS_AES_128_GCM_SHA256) {
    throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
  }

  // legacy_compression_method must be zero.
  const compressionMethod = buf.readUint8();
  if (compressionMethod !== 0) {
    throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
  }

  const extensions = this._readExtensions(HANDSHAKE_TYPE.SERVER_HELLO, buf);

  // The negotiated version is taken from supported_versions, not from
  // legacy_version, so the extension must be present and select TLS 1.3.
  const hasSupportedVersions = extensions.has(EXTENSION_TYPE.SUPPORTED_VERSIONS);
  if (!hasSupportedVersions) {
    throw new TLSError(ALERT_DESCRIPTION.MISSING_EXTENSION);
  }
  const { selectedVersion } = extensions.get(EXTENSION_TYPE.SUPPORTED_VERSIONS);
  if (selectedVersion !== VERSION_TLS_1_3) {
    throw new TLSError(ALERT_DESCRIPTION.ILLEGAL_PARAMETER);
  }

  return new this(random, sessionId, extensions);
}