[gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Oct 4 09:09:41 CEST 2019

Nikos Mavrogiannopoulos commented:

Ok, I slept a little into it and I have an idea :)
The server hello parsing is checking extensions gradually as it progresses. When session resumption is selected in TLS1.2 only the "mandatory" extensions are parsed. See [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/handshake.c#L1939). So an idea is, that possibly some condition is not met for the new session ticket to be received later (something in [this code](https://gitlab.com/gnutls/gnutls/blob/master/lib/ext/session_ticket.c#L630). I have not checked the details nor verified it, but a fix may be:

diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 98db39ff88..3ad8dec0ce 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -54,7 +54,7 @@ const hello_ext_entry_st ext_mod_session_ticket = {
-       .parse_type = GNUTLS_EXT_TLS,
+       .parse_type = GNUTLS_EXT_MANDATORY,
        .recv_func = session_ticket_recv_params,
        .send_func = session_ticket_send_params,
        .pack_func = session_ticket_pack,

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/841#note_225937699
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191004/04823e02/attachment-0001.html>

More information about the Gnutls-devel mailing list