Closed
Bug 874622
Opened 11 years ago
Closed 11 years ago
Undefined behavior when mixing new and OLD SSL version range APIs
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: briansmith, Assigned: mhamrick)
References
Details
+++ This bug was initially created as a clone of Bug #733647 +++ +++ This bug was initially created as a clone of Bug #565047 +++ (In reply to Alex Xu from Bug #733647 comment #11) [snip] > However, the fallback is not implemented properly; there is undefined > behavior in NSS due to the simultaneous use of SSL_VersionRangeSetDefault > and SSL_OptionSet(SSL_ENABLE_TLS). Alex, could you please explain what you mean by this? We tried to make things sensible when you mix the two APIs to avoid undefined behavior.
|
||
Updated•11 years ago
|
Summary: Undefined behavior when missing new and OLD SSL version range APIs → Undefined behavior when mixing new and OLD SSL version range APIs
Erm... I used undefined behavior not in the C standard sense, but in a vague "bad things might happen" sense. Moreover, it would appear that since I last read the code, my memory has faded. Here is the relevant portion I was attempting to recall: nss/lib/ssl/ssl.h: ** Using the new version range API in conjunction with the older ** SSL_OptionSet-based API for controlling the enabled protocol versions may ** cause unexpected results. Going forward, we guarantee only the following: ** ** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS ** are enabled. ** ** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS, ** including TLS 1.0 and later. ** ** The above two properties provide compatibility for applications that use ** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0. ** ** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also ** enable some later versions of TLS, if it is necessary to do so in order to ** keep the set of enabled versions contiguous. For example, if TLS 1.2 is ** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0, ** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on ** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the ** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later ** versions of TLS will be enabled by the call. ** ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not ** change the set of TLS versions that are enabled. ** ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also ** enable some versions of TLS if TLS 1.1 or later is enabled at the time of ** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in ** order to keep the set of enabled versions contiguous. So. If I'm right (probably not), the current implementation is fine. However: the fallback code will disable TLS, both 1.0 and 1.1 if any intolerance is detected which is likely unintended behavior. It is also possible, IIRC, that the test for false intolerance may only enable TLS 1.0 or some other similar unintended behavior. It would, however, be sensible to implement bug 839310 comment 2 (re: yngve and assuming TLS tolerance if TLS Extension tolerant) properly. tl;dr I remembered wrong. False alarm, everybody. My apologies.
|
|
||
Comment 2•11 years ago
|
||
Thank you for the reply. Marked the bug invalid.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•