If a client encounters an unknown CA, the TLS handshake is completed before the fatal unknown_ca alert is sent.

RESOLVED INVALID

Status

NSS
Libraries
RESOLVED INVALID
3 years ago
3 years ago

People

(Reporter: Maximilian Hils, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8484978 [details]
sslserver.py

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36

Steps to reproduce:

On the server-side:
1. Accept a TLS/HTTPS connection from Firefox.
2. Serve a certificate that is not trusted by the client.
3. Perform an SSL handshake. (conn.do_handshake())


Actual results:

do_handshake() returns without error. 
The TLS unknown_ca alert is sent after the handshake completes: https://github.com/mitmproxy/mitmproxy/issues/301#issuecomment-50237255


Expected results:

The handshake should not be completed, the TLS alert should be sent immediately.
I commented in the mitmproxy thread linked above. This is the normal behavior for asynchronous certificate verification. We will complete the handshake, including sending and receiving the Finished message, before the certificate is verified. But, we won't add the session to the session cache and we won't send application data or process received application data until the certificate verification is finished. (The certificate verification and the handshake race each other, and we wait until they are both done.)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.