Open Bug 1752511 Opened 4 years ago Updated 4 years ago

NSS sends a Hello Retry Request if a Key Share extension is missing in a TLS 1.3 Client Hello

Categories

(NSS :: Libraries, defect, P3)

3.74

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: m.maehren, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: nss-nofx)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36

Actual results:

Upon receiving a Client Hello that contains a Supported Versions extension offering TLS 1.3 and a Supported Groups extension but no Key Share extension, NSS sends a Hello Retry Request.

Expected results:

According to RFC 8446, NSS should abort with a missing_extension alert:

Section 9.2. Mandatory-to-Implement Extensions:
A client is considered to be attempting to negotiate using this
specification if the ClientHello contains a "supported_versions"
extension with 0x0304 contained in its body. Such a ClientHello
message MUST meet the following requirements:
[...]

If containing a "supported_groups" extension, it MUST also contain
a "key_share" extension, and vice versa.  An empty
KeyShare.client_shares vector is permitted.

Servers receiving a ClientHello which does not conform to these
requirements MUST abort the handshake with a "missing_extension"
alert.
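As an added example (not NSS code), a server-side conformance check implementing the section 9.2 rule quoted above: it parses a ClientHello extensions block, records whether supported_versions offers 0x0304 and whether supported_groups and key_share are present, and reports the missing_extension alert (code 109) when only one of the pair is present. The sample byte string is constructed to match the report (supported_versions and supported_groups, no key_share); the function and constant names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
/* TLS 1.3 extension type codes (RFC 8446, section 4.2) and alert code. */
#define EXT_SUPPORTED_GROUPS    10
#define EXT_SUPPORTED_VERSIONS  43
#define EXT_KEY_SHARE           51
#define ALERT_MISSING_EXTENSION 109
#define TLS13_VERSION           0x0304

/* Walk a ClientHello extensions block (the bytes after its 2-byte total length),
 * noting which relevant extensions occur and whether 0x0304 is offered. -1 = malformed. */
static int scan_extensions(const uint8_t *p, size_t len,
                           bool *groups, bool *key_share, bool *offers_13)
{
    *groups = *key_share = *offers_13 = false;
    while (len > 0) {
        if (len < 4) return -1;
        uint16_t type = (uint16_t)((p[0] << 8) | p[1]);
        uint16_t elen = (uint16_t)((p[2] << 8) | p[3]);
        p += 4; len -= 4;
        if (elen > len) return -1;
        if (type == EXT_SUPPORTED_GROUPS) *groups = true;
        else if (type == EXT_KEY_SHARE) *key_share = true;
        else if (type == EXT_SUPPORTED_VERSIONS) {
            /* body: 1-byte list length followed by 2-byte version values */
            if (elen < 3 || p[0] != elen - 1 || (p[0] & 1)) return -1;
            for (size_t i = 1; i + 1 < elen; i += 2)
                if (((p[i] << 8) | p[i + 1]) == TLS13_VERSION) *offers_13 = true;
        }
        p += elen; len -= elen;
    }
    return 0;
}

/* RFC 8446 section 9.2: a ClientHello offering 0x0304 must carry supported_groups and
 * key_share together or not at all. Returns 0 if the hello may proceed (full handshake
 * or HRR), 109 if the server must abort with missing_extension, -1 if malformed. */
int check_client_hello_extensions(const uint8_t *ext, size_t len)
{
    bool groups, key_share, offers_13;
    if (scan_extensions(ext, len, &groups, &key_share, &offers_13) != 0) return -1;
    return (offers_13 && groups != key_share) ? ALERT_MISSING_EXTENSION : 0;
}

/* Constructed sample matching the report: supported_versions {0x0304}, supported_groups {x25519}, no key_share. */
static const uint8_t REPORTED_HELLO_EXTS[] = {
    0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,        /* supported_versions */
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x1d,  /* supported_groups */
};
```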

Blocks: 1714579
Priority: -- → P3

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(bbeurdouche)
Severity: -- → S4
Whiteboard: nss-nofx
Flags: needinfo?(bbeurdouche)