Bug 1489997
Opened 6 years ago
Updated 2 years ago
RSASSA-PKCS1-v1_5 algorithms used in handshake messages are not rejected in TLS 1.3
(NSS :: Libraries, defect, P3)
Status: NEW
(Reporter: ueno, Unassigned)
While RFC 8446 4.2.3 says:

    RSASSA-PKCS1-v1_5 algorithms: Indicates a signature algorithm using
    RSASSA-PKCS1-v1_5 [RFC8017] with the corresponding hash algorithm
    as defined in [SHS]. These values refer solely to signatures
    which appear in certificates (see Section 4.4.2.2) and are not
    defined for use in signed TLS handshake messages, although they
    MAY appear in "signature_algorithms" and
    "signature_algorithms_cert" for backward compatibility with
    TLS 1.2.

the NSS server accepts those algorithms and continues the handshake.
To reproduce with tlsfuzzer:

    $ selfserv -w nss -d sql:server -V tls1.0: -H 1 -n localhost.localdomain -u -p 4433
    $ PYTHONPATH=. python ./scripts/test-tls13-pkcs-signature.py 'rsa_pkcs1_sha256 signature'
    rsa_pkcs1_sha256 signature ...
    Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7fec20d6c990> (child: <tlsfuzzer.expect.ExpectClose object at 0x7fec20d6cc90>) with last message being: <tlslite.messages.Message object at 0x7fec20d724d0>
    Error while processing
    Traceback (most recent call last):
      File "./scripts/test-tls13-pkcs-signature.py", line 163, in main
        runner.run()
      File "/home/dueno/devel/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
        RecordHeader2)))
    AssertionError: Unexpected message from peer: Handshake(server_hello)
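The check the report says is missing, written here as an added example (it is not NSS code and does not reflect how NSS implements this): a parser for the body of the signature_algorithms extension plus the server-side selection step for the TLS 1.3 CertificateVerify signature. The allowlist follows RFC 8446 section 4.2.3: rsa_pkcs1_* (and the legacy SHA-1 schemes) may be advertised for TLS 1.2 compatibility and may describe certificate signatures, but are never chosen for a handshake signature. A client that offers only rsa_pkcs1_sha256 therefore leaves an RSA server with no valid scheme, and the correct outcome is an aborted handshake rather than a ServerHello. The key-type enum, the function names and the two sample extension bodies are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SignatureScheme code points from RFC 8446, section 4.2.3. */
#define RSA_PKCS1_SHA256        0x0401   /* rsa_pkcs1_sha384/512: 0x0501/0x0601 */
#define ECDSA_SECP256R1_SHA256  0x0403
#define ECDSA_SECP384R1_SHA384  0x0503
#define ECDSA_SECP521R1_SHA512  0x0603
#define RSA_PSS_RSAE_SHA256     0x0804
#define RSA_PSS_RSAE_SHA384     0x0805
#define RSA_PSS_RSAE_SHA512     0x0806
#define ED25519                 0x0807
#define ED448                   0x0808
#define RSA_PSS_PSS_SHA256      0x0809
#define RSA_PSS_PSS_SHA384      0x080a
#define RSA_PSS_PSS_SHA512      0x080b

/* Server signing key types (constructed for this example). rsae schemes go
 * with an rsaEncryption key, pss schemes with an RSASSA-PSS key. */
enum key_type { KEY_RSAE, KEY_RSA_PSS, KEY_ECDSA, KEY_ED25519, KEY_ED448 };

/* Allowlist of schemes RFC 8446 permits in signed handshake messages
 * (CertificateVerify). rsa_pkcs1_* and the SHA-1 legacy schemes are
 * intentionally absent: they describe certificate signatures only. */
bool tls13_scheme_ok_for_handshake(uint16_t scheme) {
    switch (scheme) {
    case ECDSA_SECP256R1_SHA256: case ECDSA_SECP384R1_SHA384: case ECDSA_SECP521R1_SHA512:
    case RSA_PSS_RSAE_SHA256: case RSA_PSS_RSAE_SHA384: case RSA_PSS_RSAE_SHA512:
    case RSA_PSS_PSS_SHA256: case RSA_PSS_PSS_SHA384: case RSA_PSS_PSS_SHA512:
    case ED25519: case ED448:
        return true;
    default:
        return false;
    }
}

/* Does the scheme match the algorithm of the server's signing key? */
bool scheme_matches_key(uint16_t s, enum key_type k) {
    switch (k) {
    case KEY_RSAE:    return s >= RSA_PSS_RSAE_SHA256 && s <= RSA_PSS_RSAE_SHA512;
    case KEY_RSA_PSS: return s >= RSA_PSS_PSS_SHA256 && s <= RSA_PSS_PSS_SHA512;
    case KEY_ECDSA:   return s == ECDSA_SECP256R1_SHA256 || s == ECDSA_SECP384R1_SHA384 ||
                             s == ECDSA_SECP521R1_SHA512;
    case KEY_ED25519: return s == ED25519;
    case KEY_ED448:   return s == ED448;
    }
    return false;
}

/* Parse the body of a signature_algorithms extension:
 *   uint16 list_length; SignatureScheme schemes[list_length / 2];
 * Returns the number of schemes, or -1 when the encoding is malformed. */
int parse_signature_algorithms(const uint8_t *body, size_t body_len,
                               uint16_t *out, size_t out_max) {
    if (body_len < 2) return -1;
    size_t list_len = ((size_t)body[0] << 8) | body[1];
    if (list_len == 0 || list_len % 2 != 0 || list_len + 2 != body_len) return -1;
    size_t n = list_len / 2;
    if (n > out_max) return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint16_t)(((uint16_t)body[2 + 2 * i] << 8) | body[3 + 2 * i]);
    return (int)n;
}

/* Server-side choice for the TLS 1.3 CertificateVerify signature: walk the
 * client's list in its preference order and take the first scheme that is
 * both allowed for handshake signatures and usable with our key. Returns 0
 * and sets *chosen, or -1 when nothing qualifies; -1 means the handshake
 * must be aborted, never continued with an rsa_pkcs1_* signature. */
int select_tls13_certverify_scheme(const uint8_t *body, size_t body_len,
                                   enum key_type key, uint16_t *chosen) {
    uint16_t schemes[64];
    int n = parse_signature_algorithms(body, body_len, schemes, 64);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (tls13_scheme_ok_for_handshake(schemes[i]) && scheme_matches_key(schemes[i], key)) {
            *chosen = schemes[i];
            return 0;
        }
    }
    return -1;
}

/* Constructed extension bodies: a client offering only rsa_pkcs1_sha256, and
 * one offering rsa_pkcs1_sha256 followed by rsa_pss_rsae_sha256. */
static const uint8_t ONLY_PKCS1[]     = { 0x00, 0x02, 0x04, 0x01 };
static const uint8_t PKCS1_THEN_PSS[] = { 0x00, 0x04, 0x04, 0x01, 0x08, 0x04 };

int main(void) {
    uint16_t chosen = 0;
    if (select_tls13_certverify_scheme(ONLY_PKCS1, sizeof ONLY_PKCS1, KEY_RSAE, &chosen) < 0)
        printf("only rsa_pkcs1_sha256 offered: no usable scheme, abort the handshake\n");
    if (select_tls13_certverify_scheme(PKCS1_THEN_PSS, sizeof PKCS1_THEN_PSS, KEY_RSAE, &chosen) == 0)
        printf("rsa_pkcs1_sha256 skipped, CertificateVerify would use 0x%04x\n", chosen);
    return 0;
}
```

The selection deliberately iterates the client's list rather than checking whether a preferred scheme is "present", so a client that lists rsa_pkcs1_sha256 first still ends up with rsa_pss_rsae_sha256, and a client that lists nothing acceptable gets a refusal rather than a PKCS#1 v1.5 signature that RFC 8446 does not define for handshake messages. The parser also rejects odd or mismatched lengths, which keeps a malformed extension from being silently treated as an empty or partial list.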
Updated 5 years ago: Priority: -- → P3; QA Contact: jjones
Updated 2 years ago: Severity: normal → S3