Closed Bug 1394956 Opened 3 years ago Closed 3 years ago
interaction of HelloRetryRequest and SSL_SendAdditionalKeyShares
Using NSS_TLS13_DRAFT19_BRANCH, the client does SSL_SendAdditionalKeyShares(mFD, 2) and makes a client hello in the usual way, and then the server generates an HRR off the first ClientHello, using SSL_HelloRetryRequestCallback(), and sets a cookie.

According to the log, the client sees the cookie and generates a second ClientHello with it and (I believe) multiple keyshares again.

A new server context parses the second client hello and throws SSL_ERROR_RX_MALFORMED_CLIENT_HELLO based on tls13_ServerHandleKeyShareXtn() "Check that the client only offered one share if this is after HRR." ...

Omitting the SSL_SendAdditionalKeyShares() call seems to make it all work ok.
https://nss-review.dev.mozaws.net/D423 fixes this. We needed to move that check.
Comment on attachment 8904139
Bug 1394956 - key_share after HelloRetryRequest can have multiple shares, r?ekr

Eric Rescorla (:ekr) has approved the revision.

https://phabricator.services.mozilla.com/D26#1420
Attachment #8904139 - Flags: review+
Assignee: nobody → martin.thomson
Status: NEW → RESOLVED
Closed: 3 years ago
Hardware: Unspecified → All
Resolution: --- → FIXED
Target Milestone: --- → Future
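To check from a captured handshake how many shares the second ClientHello actually carries (the report above only says "I believe"), the key_share extension body can be walked directly. This is an added example, not NSS code and not part of the bug thread; `count_key_shares` and the sample bytes are constructed for illustration, and the layout assumed is the TLS 1.3 `KeyShareEntry` encoding (2-byte list length, then per entry a 2-byte group and a 2-byte-length-prefixed key_exchange).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count the KeyShareEntry items in a ClientHello key_share extension body.
 * Returns the number of shares, or -1 if the body is malformed.
 * Up to max_groups group ids are written to groups[]. */
int count_key_shares(const uint8_t *ext, size_t len,
                     uint16_t *groups, size_t max_groups)
{
    if (len < 2)
        return -1;
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2)              /* vector must fill the extension */
        return -1;
    size_t off = 2;
    int n = 0;
    while (off < len) {
        if (len - off < 4)                /* need group + key_exchange length */
            return -1;
        uint16_t group = (uint16_t)((ext[off] << 8) | ext[off + 1]);
        size_t ke_len = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (ke_len == 0 || ke_len > len - off)   /* key_exchange<1..2^16-1> */
            return -1;
        if ((size_t)n < max_groups)
            groups[n] = group;
        off += ke_len;
        n++;
    }
    return n;
}

/* Constructed sample: two shares with shortened, dummy key_exchange bytes. */
static const uint8_t sample_two_shares[] = {
    0x00, 0x0e,                                     /* client_shares length = 14 */
    0x00, 0x1d, 0x00, 0x04, 0xaa, 0xaa, 0xaa, 0xaa, /* x25519 (0x001d) */
    0x00, 0x17, 0x00, 0x02, 0xbb, 0xbb              /* secp256r1 (0x0017) */
};

int main(void)
{
    uint16_t g[4];
    int n = count_key_shares(sample_two_shares, sizeof sample_two_shares, g, 4);
    printf("shares: %d (first group 0x%04x)\n", n, n > 0 ? g[0] : 0);
    return 0;
}
```

A result greater than 1 for the post-HRR ClientHello matches the situation in this bug, where the server-side single-share check rejected the hello.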