Closed
Bug 1481275
Opened 6 years ago
Closed 6 years ago
NSS server asks for client certificate when resuming TLS 1.3 session
Categories
(NSS :: Test, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.39
People
(Reporter: hkario, Assigned: ueno)
Details
Attachments
(3 files)
NSS 3.28.0

When the selfserv is configured to ask for client certificates:

    selfserv -d sql:./nssdb/ -p 4433 -c :1302 -H 1 -rr -V tls1.3:tls1.3 -I P256 -u -n rsa-server

it will ask for them also during session resumption. Since session resumption is implemented using PSK key exchange, and in-handshake authentication is forbidden then, this is a protocol violation.

To reproduce, run openssl to establish session:

    openssl s_client -sess_out sess.pem -CAfile ca/cert.pem -key rsa-client/key.pem -cert rsa-client/cert.pem -connect localhost:4433 -keylogfile openssl_keylog.txt -ciphersuites TLS_AES_256_GCM_SHA384 -groups P-256

then to resume it:

    openssl s_client -sess_in sess.pem -CAfile ca/cert.pem -connect localhost:4433 -keylogfile openssl_keylog.txt -key rsa-client/key.pem -cert rsa-client/cert.pem -ciphersuites TLS_AES_256_GCM_SHA384 -groups P-256

The connection will fail with a:

    140462239434560:error:141A10F4:SSL routines:ossl_statem_client_read_transition:unexpected message:ssl/statem/statem_clnt.c:395:

Side note: the selfserv complains about

    SSL received a record with an incorrect Message Authentication Code.

as the alert is sent in plaintext, but that's a separate bug.
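The rule the description relies on (RFC 8446: a server that accepts a PSK must not send CertificateRequest in the main handshake), written as a checker over the server's already-decrypted handshake messages. This is an added example, not code from NSS or from this bug; the function names and the two sample flights are constructed for illustration.

```python
SERVER_HELLO, CERTIFICATE_REQUEST = 2, 13  # HandshakeType values (RFC 8446)
EXT_PRE_SHARED_KEY = 41                     # ExtensionType pre_shared_key

def handshake_messages(stream: bytes):
    """Yield (msg_type, body) from concatenated, decrypted handshake messages."""
    pos = 0
    while pos < len(stream):
        length = int.from_bytes(stream[pos + 1:pos + 4], "big")
        body = stream[pos + 4:pos + 4 + length]
        if pos + 4 > len(stream) or len(body) != length:
            raise ValueError("truncated handshake message")
        yield stream[pos], body
        pos += 4 + length

def server_hello_extensions(body: bytes) -> set:
    """Return the extension types present in a ServerHello body."""
    pos = 2 + 32                       # legacy_version + random
    pos += 1 + body[pos]               # legacy_session_id_echo
    pos += 2 + 1                       # cipher_suite + legacy_compression_method
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    found = set()
    while pos + 4 <= end:
        found.add(int.from_bytes(body[pos:pos + 2], "big"))
        pos += 4 + int.from_bytes(body[pos + 2:pos + 4], "big")
    return found

def certreq_on_resumption(stream: bytes) -> bool:
    """True if the server accepted a PSK and still sent CertificateRequest."""
    psk_accepted = False
    for msg_type, body in handshake_messages(stream):
        if msg_type == SERVER_HELLO:
            psk_accepted = EXT_PRE_SHARED_KEY in server_hello_extensions(body)
        elif msg_type == CERTIFICATE_REQUEST and psk_accepted:
            return True
    return False

# Constructed sample flights (not taken from the attached packet capture).
def hs(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body
def server_hello(exts: bytes) -> bytes:
    fixed = bytes.fromhex("0303") + bytes(32) + bytes.fromhex("00130200")
    return hs(SERVER_HELLO, fixed + len(exts).to_bytes(2, "big") + exts)

SUPPORTED_VERSIONS = bytes.fromhex("002b00020304")  # selected_version = TLS 1.3
PRE_SHARED_KEY = bytes.fromhex("002900020000")      # selected_identity = 0
TAIL = hs(8, b"\x00\x00") + hs(13, b"\x00\x00\x00") + hs(20, bytes(48))
RESUMED_WITH_CERTREQ = server_hello(SUPPORTED_VERSIONS + PRE_SHARED_KEY) + TAIL
FULL_HANDSHAKE = server_hello(SUPPORTED_VERSIONS) + TAIL
```

`certreq_on_resumption` flags only the resumed flight; the same CertificateRequest in a full (non-PSK) handshake is accepted.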
Reporter
Comment 1•6 years ago
packet capture of the session being established, and then two resumption attempts of it.
Reporter
Comment 2•6 years ago
decryption keys for attachment 8997981 [details]
Reporter
Comment 3•6 years ago
I did run the test with strsclnt too and it fails:

    strsclnt -c 10 -P 20 -p 4433 -C :1302 -d sql:./nssdb-cl/ -n rsa-client -V tls1.3:tls1.3 localhost
    strsclnt: -- SSL: Server Certificate Validated.
    strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable
              0 stateless resumes
    strsclnt: -- SSL: Server Certificate Validated.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: PR_Send returned error -12242, OS error 0: SSL received an unexpected Certificate Request handshake message.
    strsclnt: 7 cache hits; 0 cache misses, 0 cache not reusable
              7 stateless resumes

So it looks like the issue is in the server state machine.

Also: I made a typo in the Description, I meant 3.38.0, not 28.
Assignee
Comment 4•6 years ago
Comment 6•6 years ago
MT, I don't think there is actually a security issue here, I was just being careful. Assuming you agree, feel free to unhide.
Comment 7•6 years ago
I agree. Correctness, yes. Security, no.
Comment 8•6 years ago
Comment on attachment 9001308 [details]
Bug 1481275, don't send certificate request when resuming with PSK

Martin Thomson [:mt:] has approved the revision.
Attachment #9001308 -
Flags: review+
Comment 9•6 years ago
I can't clear the security flag, but that can happen any time. Feel free to land this as you like. Note that Kai is closing 3.39 for fixes today.
Assignee: nobody → dueno
Target Milestone: --- → 3.39
Updated•6 years ago
Group: crypto-core-security
Assignee
Comment 10•6 years ago
Pushed as: https://hg.mozilla.org/projects/nss/rev/bbf9ca0f57ea
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED