Closed Bug 1394956 Opened 8 years ago Closed 8 years ago

interaction of HelloRetryRequest and SSL_SendAdditionalKeyShares

Categories

(NSS :: Libraries, enhancement, P2)

All
Unspecified
enhancement

Tracking

(Not tracked)

RESOLVED FIXED
Future

People

(Reporter: mcmanus, Assigned: mt)

Details

Attachments

(1 file, 1 obsolete file)

Using NSS_TLS13_DRAFT19_BRANCH, the client does SSL_SendAdditionalKeyShares(mFD, 2) and makes a ClientHello in the usual way, and then the server generates an HRR off the first ClientHello, using SSL_HelloRetryRequestCallback(), and sets a cookie. According to the log, the client sees the cookie and generates a second ClientHello with it and (I believe) multiple key shares again. A new server context parses the second ClientHello and throws SSL_ERROR_RX_MALFORMED_CLIENT_HELLO based on tls13_ServerHandleKeyShareXtn(): "Check that the client only offered one share if this is after HRR." Omitting the SSL_SendAdditionalKeyShares() call seems to make it all work OK.
https://nss-review.dev.mozaws.net/D423 fixes this. We needed to move that check.
Attachment #8904116 - Attachment is obsolete: true
Priority: -- → P2
Comment on attachment 8904139
Bug 1394956 - key_share after HelloRetryRequest can have multiple shares, r?ekr

Eric Rescorla (:ekr) has approved the revision.
https://phabricator.services.mozilla.com/D26#1420
Attachment #8904139 - Flags: review+
Assignee: nobody → martin.thomson
Status: NEW → RESOLVED
Closed: 8 years ago
Hardware: Unspecified → All
Resolution: --- → FIXED
Target Milestone: --- → Future
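
The server-side rule at issue in this bug, modeled as an added example (this is not NSS code and not the attached patch): a key_share parser plus a check that rejects multiple shares only when the HelloRetryRequest itself named a group. It assumes the TLS 1.3 rule that a cookie-only HRR leaves the client's original share list in place; the function names, the `0` sentinel and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed key_share bodies; 2-byte dummy keys stand in for real public values. */
static const uint8_t two_shares[] = { 0x00,0x0c, 0x00,0x1d,0x00,0x02,0xaa,0xbb,
                                      0x00,0x17,0x00,0x02,0xcc,0xdd };
static const uint8_t one_share[]  = { 0x00,0x06, 0x00,0x17,0x00,0x02,0xcc,0xdd };

enum { SHARES_OK = 0, SHARES_MALFORMED = -1, SHARES_VIOLATE_HRR = -2 };

/* Walk client_shares<0..2^16-1> of { uint16 group; opaque key_exchange<1..2^16-1>; }.
 * Returns the number of entries, or -1 on any length inconsistency. */
int count_client_shares(const uint8_t *ext, size_t len)
{
    if (len < 2 || ((((size_t)ext[0]) << 8) | ext[1]) != len - 2)
        return -1;
    int n = 0;
    for (size_t off = 2; off < len; n++) {
        if (len - off < 4)
            return -1;
        size_t ke_len = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (ke_len == 0 || ke_len > len - off)
            return -1;
        off += ke_len;
    }
    return n;
}

/* hrr_group: group named in the HRR's key_share, or 0 (this example's sentinel)
 * when the HRR carried only a cookie. */
int check_second_hello_shares(const uint8_t *ext, size_t len, uint16_t hrr_group)
{
    int n = count_client_shares(ext, len);
    if (n < 0)
        return SHARES_MALFORMED;
    if (hrr_group == 0)
        return SHARES_OK;            /* cookie-only HRR: original shares are resent */
    if (n != 1 || (uint16_t)((ext[2] << 8) | ext[3]) != hrr_group)
        return SHARES_VIOLATE_HRR;   /* HRR named a group: exactly that one share */
    return SHARES_OK;
}

int main(void)
{
    printf("%d\n", check_second_hello_shares(two_shares, sizeof two_shares, 0));
    printf("%d\n", check_second_hello_shares(two_shares, sizeof two_shares, 0x0017));
    printf("%d\n", check_second_hello_shares(one_share, sizeof one_share, 0x0017));
    return 0;
}
```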