Closed Bug 2001932 Opened 12 days ago Closed 9 days ago

Set SNI correctly when ECH Configs are available but disabled (e.g. by TLS version policy)

Categories

(NSS :: Libraries, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jacky.murda, Assigned: djackson)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0

Steps to reproduce:

Disable TLS 1.3:
security.tls.version.max 3

Keep ECHConfig enabled (default):
network.dns.echconfig.enabled true

Actual results:

Firefox is still trying to connect using the public (outer) SNI from the DNS ECHConfig, which leads to a fatal Bad Certificate error if the server doesn't handle the public SNI the same way as the inner SNI (sites behind Cloudflare ECH stop working).

Expected results:

Should connect using the default SNI (the same as with network.dns.echconfig.enabled false).

The attached pcap contains what happens when trying to connect to a site behind cloudflare-ech.com, and to two other test sites (tls-ech.dev, tls.browserleaks.com) that do not fail only because they bind the outer SNI to the same server and have valid certs for it (hopefully this bug does not break the HTTP/1.1 Host header or the HTTP/2 :authority).
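The decision this report is about, as an added example that is not NSS or Firefox code: a parser for the ECHConfigList carried in an HTTPS record's ech= value (draft-ietf-tls-esni wire format), followed by a model of the outer server_name choice as the report describes it and as it should be, namely the public name only when ECH will actually be offered. The ECHConfig bytes, the example.com origin, the helper names and the placeholder key are constructed for illustration; the pref mapping follows Firefox's security.tls.version.max (3 = TLS 1.2, 4 = TLS 1.3).

```python
"""Outer-SNI selection when an ECHConfig is available but ECH cannot be used.
Added example, not NSS or Firefox code: parses the ECHConfigList from an HTTPS
record's ech= value (draft-ietf-tls-esni) and models the server_name choice."""
from __future__ import annotations
import struct
from dataclasses import dataclass

ECH_VERSION_DRAFT = 0xFE0D          # ECHConfig.version for draft-ietf-tls-esni
TLS_1_2, TLS_1_3 = 0x0303, 0x0304
FIREFOX_TLS_VERSION_PREF = {1: 0x0301, 2: 0x0302, 3: TLS_1_2, 4: TLS_1_3}  # security.tls.version.max

@dataclass
class ECHConfig:
    config_id: int
    kem_id: int
    public_key: bytes
    cipher_suites: list[tuple[int, int]]    # (HpkeKdfId, HpkeAeadId)
    maximum_name_length: int
    public_name: str                        # the name that belongs in the *outer* SNI

def _u8(buf, off):
    return buf[off], off + 1

def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0], off + 2

def _vec(buf, off, len_bytes):
    """TLS-style length-prefixed opaque<...> with a 1- or 2-byte length."""
    n, off = (_u8 if len_bytes == 1 else _u16)(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated vector")
    return buf[off:off + n], off + n

def parse_ech_config_list(data: bytes) -> list[ECHConfig]:
    """Parse an ECHConfigList; configs with an unknown version are skipped, as the draft requires."""
    body, off = _vec(data, 0, 2)
    if off != len(data):
        raise ValueError("trailing bytes after ECHConfigList")
    configs, off = [], 0
    while off < len(body):
        version, off = _u16(body, off)
        contents, off = _vec(body, off, 2)
        if version != ECH_VERSION_DRAFT:
            continue
        c = 0
        config_id, c = _u8(contents, c)
        kem_id, c = _u16(contents, c)
        public_key, c = _vec(contents, c, 2)
        suites_raw, c = _vec(contents, c, 2)
        if not suites_raw or len(suites_raw) % 4:
            raise ValueError("bad cipher_suites length")
        suites = [struct.unpack_from("!HH", suites_raw, i) for i in range(0, len(suites_raw), 4)]
        max_name_len, c = _u8(contents, c)
        public_name, c = _vec(contents, c, 1)
        _extensions, c = _vec(contents, c, 2)
        if c != len(contents):
            raise ValueError("trailing bytes in ECHConfigContents")
        configs.append(ECHConfig(config_id, kem_id, public_key, suites, max_name_len,
                                 public_name.decode("ascii")))
    return configs

def ech_will_be_offered(configs, ech_enabled, max_version):
    """ECH exists only in TLS 1.3: a config, the pref and a 1.3-capable version policy are all needed."""
    return bool(configs) and ech_enabled and max_version >= TLS_1_3

def outer_sni_buggy(hostname, configs, ech_enabled, max_version):
    """Behaviour the report describes: merely having an ECHConfig selects the public name."""
    return configs[0].public_name if configs else hostname

def outer_sni_fixed(hostname, configs, ech_enabled, max_version):
    """Send the public name only when ECH is actually going to be offered; otherwise the real host."""
    return configs[0].public_name if ech_will_be_offered(configs, ech_enabled, max_version) else hostname

def build_ech_config_list(public_name: str, config_id: int = 7) -> bytes:
    """Constructed ECHConfigList for offline use: X25519 KEM, one HPKE suite, placeholder key."""
    contents = struct.pack("!BH", config_id, 0x0020)        # config_id, DHKEM(X25519, HKDF-SHA256)
    contents += struct.pack("!H", 32) + bytes(32)           # 32-byte placeholder public key
    contents += struct.pack("!HHH", 4, 0x0001, 0x0001)      # one suite: HKDF-SHA256 / AES-128-GCM
    contents += struct.pack("!B", 64)                       # maximum_name_length
    contents += struct.pack("!B", len(public_name)) + public_name.encode("ascii")
    contents += struct.pack("!H", 0)                        # no extensions
    cfg = struct.pack("!HH", ECH_VERSION_DRAFT, len(contents)) + contents
    return struct.pack("!H", len(cfg)) + cfg

def server_accepts(cert_names: set[str], offered_sni: str) -> bool:
    """An origin whose certificate covers only its own names (unlike the report's two test sites,
    which also serve the public name) rejects a ClientHello that carries the public name."""
    return offered_sni in cert_names
```

With security.tls.version.max = 3 the buggy chooser still emits cloudflare-ech.com as the server_name for a TLS 1.2 handshake that can carry no ECH at all, so an origin holding a certificate only for its own names fails exactly as the report's pcap shows; the fixed chooser falls back to the real hostname, which is also what network.dns.echconfig.enabled false produces.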

The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking: DNS
Product: Firefox → Core

Dennis, is this something we should address in NSS or Necko?

Blocks: ech
Flags: needinfo?(djackson)
Assignee: nobody → djackson
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Thank you for this bug report, which is incredibly helpful. I don't quite know how we missed this, but this will definitely have been causing problems for users with TLS 1.3 disabled.

The bug is in some logic in our cryptography library, so the fix will take a little while to get into Firefox Nightly.

Severity: -- → S2
Component: Networking: DNS → Libraries
Flags: needinfo?(djackson)
Priority: -- → P1
Product: Core → NSS
Summary: Do not try to use ECHConfig for TLS <1.3 → Set SNI correctly when ECH Configs are available but disabled (e.g. by TLS version policy)
Version: Firefox 145 → trunk

Pushed by djackson@mozilla.com:
https://hg.mozilla.org/projects/nss/rev/b208024bafa0
Fix incorrect logic for SNI selection when ECH is available but disabled. r=mt,nss-reviewers

Status: ASSIGNED → RESOLVED
Closed: 9 days ago
Resolution: --- → FIXED