Bug 1452549: application_data before handshake completes terminates DTLS
Status: RESOLVED FIXED (opened 7 years ago, closed 7 years ago)
Categories: NSS :: Libraries, enhancement
Tracking: Not tracked
Target Milestone: 3.38
People: Reporter: mt, Assigned: mt
Attachments: 1 file
This manifests as an annoying intermittent error, such as:
https://queue.taskcluster.net/v1/task/fKr3A92TSUq8Tgb-3ATosw/runs/0/artifacts/public/logs/live_backing.log
Why it doesn't cause errors more often is that the length field that is being read is actually ciphertext, and most times that produces a value that exceeds the amount of data available, so we (correctly) identify it as junk and throw it away. Only when the length is small enough do we see an error. In the real world, failure rates would increase in proportion to the certificate size, up to the MTU.
What happens here is that if the application data arrives early, then the connection explodes.
Comment 1 • 7 years ago
Comment 2 • 7 years ago (Assignee)
I realize that I wasn't very clear here. TLS 1.3 handshake messages appear to use the application_data content type, so if those handshake messages arrive too early, then NSS might think that they are valid application_data messages and process them with the NULL cipher, which tends to work. That then triggers the explosion.
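The failure mode from the description and comment 2, as an added example (not NSS code and not part of the bug discussion): a receive-side filter that drops length-overrunning records as junk and silently discards application_data seen while no read keys are installed. The 13-byte RFC 6347 record header, the `null_read_cipher` flag and the sample datagrams are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DTLS_HDR_LEN 13          /* assumed: RFC 6347 header, length in bytes 11..12 */
#define CT_APPLICATION_DATA 23

typedef struct { int delivered, dropped_early, dropped_junk; } rx_stats;

/* Walk the records in one datagram. null_read_cipher is a hypothetical flag:
 * non-zero while the receiver has no read keys installed yet. */
rx_stats dtls_filter(const uint8_t *buf, size_t len, int null_read_cipher)
{
    rx_stats st = {0, 0, 0};
    size_t off = 0;
    while (off < len) {
        if (len - off < DTLS_HDR_LEN) { st.dropped_junk++; break; }
        size_t rec_len = ((size_t)buf[off + 11] << 8) | buf[off + 12];
        /* A length that overruns the datagram is junk: drop the remainder. */
        if (rec_len > len - off - DTLS_HDR_LEN) { st.dropped_junk++; break; }
        /* application_data is never valid under the NULL cipher: discard the
         * record instead of processing it and failing the connection. */
        if (buf[off] == CT_APPLICATION_DATA && null_read_cipher)
            st.dropped_early++;
        else
            st.delivered++;
        off += DTLS_HDR_LEN + rec_len;
    }
    return st;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t early_small[] = {  /* handshake record, then app data of length 3 */
    22, 0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2, 0xaa, 0xbb,
    23, 0xfe, 0xfd, 0, 2, 0, 0, 0, 0, 0, 0, 0, 3, 0x5c, 0x91, 0x07 };
static const uint8_t early_huge[] = {   /* app data whose length field reads 0xc3a1 */
    23, 0xfe, 0xfd, 0, 2, 0, 0, 0, 0, 0, 0, 0xc3, 0xa1, 0x5c, 0x91, 0x07 };

int main(void)
{
    rx_stats a = dtls_filter(early_small, sizeof early_small, 1);
    rx_stats b = dtls_filter(early_huge, sizeof early_huge, 1);
    printf("small: delivered=%d early=%d junk=%d\n", a.delivered, a.dropped_early, a.dropped_junk);
    printf("huge:  delivered=%d early=%d junk=%d\n", b.delivered, b.dropped_early, b.dropped_junk);
    return 0;
}
```

The `early_small` case is the rare one the description refers to: the length field fits the datagram, so only the explicit discard keeps the record from being processed.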
Comment 4 • 7 years ago
Comment 7 • 7 years ago
Comment on attachment 8966118
Bug 1452549 - Discard application data that arrives before DTLS handshake completes, r?ekr
Eric Rescorla (:ekr) has approved the revision.
https://phabricator.services.mozilla.com/D879
Attachment #8966118 - Flags: review+
Comment 8 • 7 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.38