Closed Bug 1413634 Opened 4 years ago Closed 3 years ago
If TLS server has no signature algorithm overlap with the client hello list, the NSS server sends an incorrect TLS alert
45 bytes, text/x-phabricator-request
|Details | Review|
When the signature_algorithms extension in Client Hello includes only unrecognised values to NSS, the NSS server responds with decode_error alert instead of handshake_failure alert. RFC 5246: decode_error A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). handshake_failure Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. Reproducer: Reproducer: git clone https://github.com/tomato42/tlsfuzzer.git pushd tlsfuzzer git clone https://github.com/warner/python-ecdsa .python-ecdsa ln -s .python-ecdsa/ecdsa ecdsa git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng pushd .tlslite-ng popd ln -s .tlslite-ng/tlslite tlslite popd openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key -in localhost.crt mkdir nssdb certutil -N -d sql:nssdb --empty-password pk12util -i localhost.p12 -d sql:nssdb -W '' selfserv -n localhost -p 4433 -d sql:./nssdb -V tls1.0: -H 1 -U 0 -G # in another terminal, same directory PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-sig-algs.py 'only undefined sigalgs' Result: ... raise AssertionError(problem_desc) AssertionError: Expected alert description "handshake_failure" does not match received "decode_error" Additional info: This is a regression compared to 3.28.
Comment on attachment 8942888 [details] Summary: RFC violation in handling Signature Algorithms extension Martin Thomson [:mt:] has approved the revision. https://phabricator.services.mozilla.com/D397#9749
Attachment #8942888 - Flags: review+
Summary: RFC violation in handling Signature Algorithms extension → If TLS server has no signature algorithm overlap with the client hello list, the NSS server sends an incorrect TLS alert
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.