Closed Bug 1452549 Opened 3 years ago Closed 2 years ago
_data before handshake completes terminates DTLS
This manifests as an annoying intermittent error, such as: https://queue.taskcluster.net/v1/task/fKr3A92TSUq8Tgb-3ATosw/runs/0/artifacts/public/logs/live_backing.log Why it doesn't cause errors more often is that the length field that is being read is actually ciphertext, and most times that produces a value that exceeds the amount of data available, so we (correctly) identify it as junk and throw it away. Only when the length is small enough do we see an error. In the real world, failure rates would increase in proportion to the certificate size, up to the MTU. What happens here is that if the application data arrives early, then the connection explodes.
I realize that I wasn't very clear here. TLS 1.3 handshake messages appear to use the application_data content type, so if those handshake messages arrive too early, then NSS might think that they are valid application_data messages and process them with the NULL cipher, which tends to work. That then triggers the explosion.
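As an added illustration (constructed for this page, not NSS code and not from the bug): a toy model of the receive path described above. The buggy branch feeds an early application_data record through the NULL cipher and parses the ciphertext as a handshake message, so the outcome depends on whether the random 24-bit length field happens to fit in the data available; the fixed branch discards the record. The names DtlsReceiver and fatal_fraction are my own.

```python
from dataclasses import dataclass

HANDSHAKE, APPLICATION_DATA = 22, 23  # TLS ContentType values


@dataclass
class Record:
    content_type: int
    body: bytes  # for application_data this is ciphertext; the toy never encrypts


class DtlsReceiver:
    """discard_early=False models the behaviour in the bug, True models the fix."""

    def __init__(self, discard_early: bool):
        self.discard_early = discard_early
        self.handshake_complete = False
        self.discarded = 0  # early application_data records dropped (fixed path)
        self.junk = 0       # records whose bogus length exceeded the data (lucky path)

    def _parse_as_handshake(self, plaintext: bytes) -> str:
        # Handshake header: 1-byte msg_type + 3-byte length. Under the NULL cipher
        # 'plaintext' is really ciphertext, so these fields are effectively random.
        if len(plaintext) < 4:
            self.junk += 1
            return "junk"
        length = int.from_bytes(plaintext[1:4], "big")
        if length > len(plaintext) - 4:
            self.junk += 1  # length exceeds what we have: correctly thrown away
            return "junk"
        # Length fits, so garbage is accepted as a handshake message; a real
        # stack would raise a protocol error here and tear the connection down.
        return "fatal"

    def receive(self, rec: Record) -> str:
        if rec.content_type == APPLICATION_DATA and not self.handshake_complete:
            if self.discard_early:
                self.discarded += 1
                return "discarded"
            return self._parse_as_handshake(rec.body)  # NULL cipher: body used as-is
        if rec.content_type == HANDSHAKE:
            self.handshake_complete = True  # toy: one plaintext flight finishes it
            return "handshake"
        return "app_data"


def fatal_fraction(record_len: int) -> float:
    """Fraction of random 24-bit length fields that fit in record_len bytes, i.e.
    roughly how often the buggy path blows up; it grows with the record size."""
    return max(record_len - 4, 0) / 2**24
```

The record length is bounded by the MTU, which is why the comment above caps the failure rate there.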
Comment on attachment 8966118
Bug 1452549 - Discard application data that arrives before DTLS handshake completes, r?ekr

Eric Rescorla (:ekr) has approved the revision.
https://phabricator.services.mozilla.com/D879
Attachment #8966118 - Flags: review+
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.38