[gnutls-devel] GnuTLS | GnuTLS sends TLS 1.3 downgrade sentinel in TLS 1.3 (#689)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Feb 1 22:54:52 CET 2019
New Issue was created.
Issue 689: https://gitlab.com/gnutls/gnutls/issues/689
Author: David Benjamin
## Description of problem:
GnuTLS sends the downgrade sentinel at TLS 1.3. Per RFC 8446, it should only be sent at TLS 1.2 or earlier.
Skimming `handshake.c`, the issue appears to be that `_gnutls_gen_server_random` is called very early, before the `supported_versions` extension is parsed.
## Version of gnutls used:
master branch. Also reproduced in 3.6.5.
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
compiled from source
## How reproducible:
Steps to Reproduce:
* `gnutls-serv -p 4433 -a --x509certfile ./doc/credentials/x509/cert-rsa.pem --x509keyfile ./doc/credentials/x509/key-rsa.pem`
* `openssl s_client -connect localhost:4433 -debug` with OpenSSL 1.1.1 or later
* Look for the first block of "read from " lines, to find the ServerHello
* Check the rest of the output to confirm TLS 1.3 was negotiated
## Actual results:
The ServerHello contains the string "DOWNGRD" in the printable hex dump (it's split over two rows), which is (most of) the TLS 1.3 downgrade sentinel.
## Expected results:
The TLS 1.3 downgrade sentinel is not present.