Closed
Bug 1328952
Opened 9 years ago
Closed 9 years ago
Return a new error code when a client tries TLS1.3 with Early Data and a server falls back to tls1.2
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.29
People
(Reporter: dragana, Assigned: ekr)
References
Details
- Client negotiates TLS 1.3 w/ 0-RTT
- Server reconfigures to be TLS 1.2 only
- Client sends 1.3 CH with Early Data
- Server reads CH, negotiates 1.2, sends SH, and then tries to read ClientKeyExchange but gets early application data instead. This causes a handshake failure.
nss should return a new error code so that necko knows that it needs to retry with tls 1.2.
|
Reporter | |
Updated•9 years ago
|
Assignee: nobody → ekr
|
|
Reporter | |
Updated•9 years ago
|
Summary: Return a new error code when client try TLS1.3 with Early Data and server falls back to tls1.2 → Return a new error code when a client tries TLS1.3 with Early Data and a server falls back to tls1.2
|
||
Comment 1•9 years ago
|
||
How can we distinguish it from a connection disruption by MITM?
|
Assignee | |
Comment 2•9 years ago
|
||
You can't. Please see:
https://tlswg.github.io/tls13-spec/#rfc.appendix.D.3
|
|
Assignee | |
Comment 3•9 years ago
|
||
I suppose that you could, if you wanted to go nuts, fail if the server negotiates 1.3 when you get to connection completion (because the complete handshake gives you anti-downgrade).
|
|
Assignee | |
Comment 4•9 years ago
|
||
Patch at:
https://nss-review.dev.mozaws.net/D144
Dragana, you should be able to write your code in preparation for MT's r+
|
|
Reporter | |
Comment 5•9 years ago
|
||
This has landed, should we close the bug?
Flags: needinfo?(franziskuskiefer)
|
||
Comment 6•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(franziskuskiefer)
Resolution: --- → FIXED
Target Milestone: --- → 3.29
You need to log in
before you can comment on or make changes to this bug.
Description
•