Open Bug 1489997 Opened 6 years ago Updated 2 years ago

RSASSA-PKCS1-v1_5 algorithms used in handshake messages are not rejected in TLS 1.3

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: ueno, Unassigned)

Details

While RFC 8446 4.2.3 says:

  RSASSA-PKCS1-v1_5 algorithms: Indicates a signature algorithm using RSASSA-PKCS1-v1_5 [RFC8017] with the corresponding hash algorithm as defined in [SHS]. These values refer solely to signatures which appear in certificates (see Section 4.4.2.2) and are not defined for use in signed TLS handshake messages, although they MAY appear in "signature_algorithms" and "signature_algorithms_cert" for backward compatibility with TLS 1.2.

NSS server accepts those algorithms and continues the handshake.

To reproduce with tlsfuzzer:

  $ selfserv -w nss -d sql:server -V tls1.0: -H 1 -n localhost.localdomain -u -p 4433

  $ PYTHONPATH=. python ./scripts/test-tls13-pkcs-signature.py 'rsa_pkcs1_sha256 signature'
  rsa_pkcs1_sha256 signature ...
  Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7fec20d6c990> (child: <tlsfuzzer.expect.ExpectClose object at 0x7fec20d6cc90>) with last message being: <tlslite.messages.Message object at 0x7fec20d724d0>
  Error while processing
  Traceback (most recent call last):
    File "./scripts/test-tls13-pkcs-signature.py", line 163, in main
      runner.run()
    File "/home/dueno/devel/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
      RecordHeader2)))
  AssertionError: Unexpected message from peer: Handshake(server_hello)
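An added example (not NSS code and not the reporter's) of the check a TLS 1.3 endpoint should apply when it receives a CertificateVerify: parse the message body and reject the RSASSA-PKCS1-v1_5 and legacy SHA-1 schemes that RFC 8446 4.2.3 reserves for certificates, while still accepting them when TLS 1.2 was negotiated. The code point tables follow RFC 8446; the choice of illegal_parameter as the alert, the HandshakeError class and the helper names are assumptions of this example.

```python
import struct
# SignatureScheme code points from RFC 8446 section 4.2.3. These are
# certificate-only in TLS 1.3 and must never sign a CertificateVerify.
CERT_ONLY_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512", 0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
}
# Schemes a TLS 1.3 peer may use to sign handshake messages.
HANDSHAKE_SCHEMES = {
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512", 0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448", 0x0809: "rsa_pss_pss_sha256",
    0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}
TLS_1_3 = (3, 4)              # negotiated ProtocolVersion
ALERT_ILLEGAL_PARAMETER = 47  # alert assumed for a disallowed scheme
ALERT_DECODE_ERROR = 50
class HandshakeError(Exception):
    def __init__(self, alert, msg):
        super().__init__(msg)
        self.alert = alert

def parse_certificate_verify(body):
    """CertificateVerify body: SignatureScheme (2 bytes) + opaque signature<0..2^16-1>."""
    if len(body) < 4:
        raise HandshakeError(ALERT_DECODE_ERROR, "CertificateVerify truncated")
    scheme, sig_len = struct.unpack(">HH", body[:4])
    if len(body) != 4 + sig_len:
        raise HandshakeError(ALERT_DECODE_ERROR, "signature length mismatch")
    return scheme, body[4:]

def validate_certificate_verify(version, body):
    """Parse and policy-check a CertificateVerify (server's or client's); returns
    (scheme name, signature) or raises HandshakeError carrying the alert to send."""
    scheme, sig = parse_certificate_verify(body)
    name = HANDSHAKE_SCHEMES.get(scheme) or CERT_ONLY_SCHEMES.get(scheme)
    if version >= TLS_1_3:
        if scheme in CERT_ONLY_SCHEMES:
            raise HandshakeError(ALERT_ILLEGAL_PARAMETER,
                                 f"{name} may only appear in certificates in TLS 1.3")
        if scheme not in HANDSHAKE_SCHEMES:
            raise HandshakeError(ALERT_ILLEGAL_PARAMETER, f"unknown scheme 0x{scheme:04x}")
    return name or f"unknown(0x{scheme:04x})", sig

def alert_for(version, body):
    """Alert a conforming peer would send for this message, or None if it is accepted."""
    try:
        validate_certificate_verify(version, body)
        return None
    except HandshakeError as err:
        return err.alert
```

The signature bytes themselves are not verified here; the point is that the scheme check must run before any verification is attempted, which is the step the report shows NSS skipping.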
Priority: -- → P3
QA Contact: jjones
Severity: normal → S3