Closed Bug 936850 Opened 6 years ago Closed 5 years ago

TLS version fallback needs to be smarter about captive portals

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED INVALID

People

(Reporter: briansmith, Unassigned)

References

Details

1. When we detect TLS intolerance according to our existing heuristics, we need to try captive portal detection before trying to fall back.

2. Captive portals shouldn't cause us to keep on using degraded TLS after we've dealt with the captive portal. We should reset the TLS intolerance state after we've detected we've cleared the captive portal.

3. SSL_ERROR_RX_RECORD_TOO_LONG should trigger captive portal detection, but not version fallback. When a server responds to a TLS ClientHello with a plaintext HTTP response (instead of a SSL/TLS ServerHello), that will usually cause an SSL_ERROR_RX_RECORD_TOO_LONG error: "HTTP/1.1" at the start of the HTTP status line is : 0x48 0x54 0x54 0x50 0x2f 0x31 0x2e 0x31. In TLS, this is parsed as a record header:

Version 0x4854 (a version that will never exist)
Record Type 0x54 (invalid record type)
Record Length 0x502f (20,527)

Since the maximum record length is 16,384 (2^14) and libssl checks the record length before it checks the record type or version, libssl complains about the record length being too large.
Bug 445098 covers distinguishing "HTTP served on HTTPS port" in the UI. Having that case be distinguished might help here too.
No more version intolerance fallback -> INVALID.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.