Closed
Bug 1328952
Opened 7 years ago
Closed 7 years ago
Return a new error code when a client tries TLS1.3 with Early Data and a server falls back to tls1.2
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.29
People
(Reporter: dragana, Assigned: ekr)
References
Details
- Client negotiates TLS 1.3 w/ 0-RTT - Server reconfigures to be TLS 1.2 only - Client sends 1.3 CH with Early Data - Server reads CH, negotiates 1.2, sends SH, and then tries to read ClientKeyExchange but gets early application data instead. This causes a handshake failure. nss should return a new error code so that necko knows that it needs to retry with tls 1.2.
Reporter | ||
Updated•7 years ago
|
Assignee: nobody → ekr
Reporter | ||
Updated•7 years ago
|
Summary: Return a new error code when client try TLS1.3 with Early Data and server falls back to tls1.2 → Return a new error code when a client tries TLS1.3 with Early Data and a server falls back to tls1.2
Comment 1•7 years ago
|
||
How can we distinguish it from a connection disruption by MITM?
Assignee | ||
Comment 2•7 years ago
|
||
You can't. Please see: https://tlswg.github.io/tls13-spec/#rfc.appendix.D.3
Assignee | ||
Comment 3•7 years ago
|
||
I suppose that you could, if you wanted to go nuts, fail if the server negotiates 1.3 when you get to connection completion (because the complete handshake gives you anti-downgrade).
Assignee | ||
Comment 4•7 years ago
|
||
Patch at: https://nss-review.dev.mozaws.net/D144 Dragana, you should be able to write your code in preparation for MT's r+
Reporter | ||
Comment 5•7 years ago
|
||
This has landed, should we close the bug?
Flags: needinfo?(franziskuskiefer)
Comment 6•7 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/02c17236c233
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(franziskuskiefer)
Resolution: --- → FIXED
Target Milestone: --- → 3.29
You need to log in
before you can comment on or make changes to this bug.
Description
•