Closed
Bug 1413634
Opened 7 years ago
Closed 7 years ago
If TLS server has no signature algorithm overlap with the client hello list, the NSS server sends an incorrect TLS alert
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.36
People
(Reporter: hkario, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
When the signature_algorithms extension in Client Hello includes only values unrecognised by NSS, the NSS server responds with a decode_error alert instead of a handshake_failure alert.
RFC 5246:
decode_error
A message could not be decoded because some field was out of the
specified range or the length of the message was incorrect. This
message is always fatal and should never be observed in
communication between proper implementations (except when messages
were corrupted in the network).
handshake_failure
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
Reproducer:
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
pushd .tlslite-ng
popd
ln -s .tlslite-ng/tlslite tlslite
popd
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost
openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key -in localhost.crt
mkdir nssdb
certutil -N -d sql:nssdb --empty-password
pk12util -i localhost.p12 -d sql:nssdb -W ''
selfserv -n localhost -p 4433 -d sql:./nssdb -V tls1.0: -H 1 -U 0 -G
# in another terminal, same directory
PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-sig-algs.py 'only undefined sigalgs'
Result:
...
raise AssertionError(problem_desc)
AssertionError: Expected alert description "handshake_failure" does not match received "decode_error"
Additional info:
This is a regression compared to 3.28.
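The distinction the report draws between the two alerts, as an added example that is not NSS code and not part of the original report: a decoder that reserves decode_error for structural faults and returns handshake_failure when a well-formed list has no overlap. The function name `sigalgs_alert`, the server's algorithm list and the sample extension bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alert descriptions from RFC 5246, section 7.2. */
enum { ALERT_NONE = 0, ALERT_HANDSHAKE_FAILURE = 40, ALERT_DECODE_ERROR = 50 };

/* Hypothetical helper: parse signature_algorithms extension_data (2-byte list
 * length, then 2-byte hash/signature pairs) and return the alert to send,
 * or ALERT_NONE with *chosen set to the first client entry we support. */
int sigalgs_alert(const uint8_t *ext, size_t ext_len,
                  const uint16_t *supported, size_t n_supported,
                  uint16_t *chosen)
{
    if (ext_len < 2)
        return ALERT_DECODE_ERROR;
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    /* Structural faults only: length mismatch, empty list, odd byte count. */
    if (list_len != ext_len - 2 || list_len == 0 || list_len % 2 != 0)
        return ALERT_DECODE_ERROR;
    /* Unknown code points are well-formed data: skip them, do not reject. */
    for (size_t i = 2; i < ext_len; i += 2) {
        uint16_t alg = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        for (size_t j = 0; j < n_supported; j++)
            if (alg == supported[j]) {
                *chosen = alg;
                return ALERT_NONE;
            }
    }
    /* Parsed cleanly but nothing overlaps: a negotiation failure. */
    return ALERT_HANDSHAKE_FAILURE;
}

/* Constructed inputs. 0x0401 and 0x0501 are RSA with SHA-256 and SHA-384;
 * 0xEEEE and 0xEFEF are made-up values RFC 5246 does not define. */
static const uint16_t server_algs[] = { 0x0401, 0x0501 };
static const uint8_t only_unknown[] = { 0x00, 0x04, 0xEE, 0xEE, 0xEF, 0xEF };
static const uint8_t bad_length[]   = { 0x00, 0x06, 0x04, 0x01 };
static const uint8_t mixed[]        = { 0x00, 0x04, 0xEE, 0xEE, 0x05, 0x01 };

int main(void)
{
    uint16_t alg = 0;
    printf("only unknown: %d\n", sigalgs_alert(only_unknown, sizeof only_unknown, server_algs, 2, &alg));
    printf("bad length:   %d\n", sigalgs_alert(bad_length, sizeof bad_length, server_algs, 2, &alg));
    printf("mixed:        %d\n", sigalgs_alert(mixed, sizeof mixed, server_algs, 2, &alg));
    return 0;
}
```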
Updated•7 years ago
Assignee: nobody → kaie
Updated•7 years ago
Target Milestone: --- → 3.36
Comment 1•7 years ago
Comment on attachment 8942888 [details]
Summary: RFC violation in handling Signature Algorithms extension
Martin Thomson [:mt:] has approved the revision.
https://phabricator.services.mozilla.com/D397#9749
Attachment #8942888 - Flags: review+
Updated•7 years ago
Summary: RFC violation in handling Signature Algorithms extension → If TLS server has no signature algorithm overlap with the client hello list, the NSS server sends an incorrect TLS alert
Comment 2•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED