[gnutls-devel] GnuTLS | GnuTLS sends TLS 1.3 downgrade sentinel in TLS 1.3 (#689)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Feb 1 22:54:52 CET 2019

New Issue was created.

Issue 689: https://gitlab.com/gnutls/gnutls/issues/689
Author:    David Benjamin

## Description of problem:
GnuTLS sends the downgrade sentinel at TLS 1.3. Per RFC 8446, it should only be sent at TLS 1.2 or earlier.

Skimming `handshake.c`, the issue appears to be that `_gnutls_gen_server_random` is called very early, before the `supported_versions` extension is parsed.

## Version of gnutls used:
master branch. Also reproduced in 3.6.5.

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
compiled from source

## How reproducible:

Steps to Reproduce:

 * `gnutls-serv -p 4433 -a --x509certfile ./doc/credentials/x509/cert-rsa.pem --x509keyfile ./doc/credentials/x509/key-rsa.pem`
 * `openssl s_client -connect localhost:4433 -debug` with OpenSSL 1.1.1 or later
 * Look for the first block of "read from " lines, to find the ServerHello
 * Check the rest of the output to confirm TLS 1.3 was negotiated

## Actual results:

The ServerHello contains the string "DOWNGRD" in the printable hex dump (it's split over two rows), which is (most of) the TLS 1.3 downgrade sentinel.

## Expected results:

The TLS 1.3 downgrade sentinel is not present.
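
The check described in the report can be automated. The following is an added example, not code from the issue or from GnuTLS: it parses a ServerHello handshake message (record header already stripped), reads the selected version from `supported_versions`, and flags a sentinel in the last 8 bytes of the random when TLS 1.3 was negotiated. The sentinel byte values are taken from RFC 8446 section 4.1.3; the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

# RFC 8446 section 4.1.3: sentinel values for the last 8 bytes of ServerHello.random
SENTINELS = (b"DOWNGRD\x01", b"DOWNGRD\x00")
EXT_SUPPORTED_VERSIONS = 43
TLS13 = 0x0304

def parse_server_hello(msg: bytes):
    """Return (negotiated_version, random) from a ServerHello handshake message
    (handshake header included, record header stripped)."""
    if len(msg) < 4 or msg[0] != 2:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if body_len < 38 or len(body) != body_len:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")   # legacy_version
    random = body[2:34]
    pos = 35 + body[34] + 3                      # skip session id, cipher suite, compression
    if pos + 2 <= len(body):
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
                version = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return version, random

def sentinel_sent_at_tls13(msg: bytes) -> bool:
    """True when TLS 1.3 was selected yet the random still ends in a sentinel."""
    version, random = parse_server_hello(msg)
    return version == TLS13 and random[-8:] in SENTINELS

def build_server_hello(random: bytes, tls13: bool) -> bytes:
    """Constructed sample message, used only to exercise the check."""
    ext = struct.pack(">HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13) if tls13 else b""
    suite = b"\x13\x01" if tls13 else b"\xc0\x2f"
    body = (b"\x03\x03" + random + b"\x00" + suite + b"\x00"
            + struct.pack(">H", len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    bad = build_server_hello(bytes(24) + b"DOWNGRD\x01", tls13=True)
    print("sentinel at TLS 1.3:", sentinel_sent_at_tls13(bad))
```

A TLS 1.2 ServerHello carrying the sentinel is not flagged, since that is where RFC 8446 expects it.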
