[gnutls-devel] GnuTLS | Renegotiation with both renegotiation_info and SCSV at once is allowed (#828)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Sep 5 20:43:30 CEST 2019
t184256 created an issue: https://gitlab.com/gnutls/gnutls/issues/828
## Description of problem:
(from https://tools.ietf.org/html/rfc5746#section-3.5)
3.5. Client Behavior: Secure Renegotiation
* The client MUST include the "renegotiation_info" extension in the
  ClientHello, containing the saved client_verify_data.
  The SCSV MUST NOT be included.
## Version of gnutls used:
2c0a798e37685eca4ae2674f29603a4840213fc6
## How reproducible:
Steps to Reproduce:
On a renegotiation, send both SCSV and renegotiation_info.
tlsfuzzer script for invoking this behaviour:
https://github.com/tomato42/tlsfuzzer/pull/583/commits/f11c0e467c674d4d31e0cb8134c5edc14861c8e7
output:
```
sending both SCSV and renegotiation_info ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f714d1d4ad0> (child: None) with last message being: <tlslite.messages.Message object at 0x7f714d159b50>
Error while processing
Traceback (most recent call last):
File "scripts/test-legacy-renegotiation.py", line 320, in main
runner.run()
File "/home/asosedki/code/tlsfuzzer/tlsfuzzer/runner.py", line 225, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)
```
## Actual results:
`ServerHello`
## Expected results:
`handshake_failure` alert
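
The check the report expects from the server, as an added example (not GnuTLS or tlsfuzzer code, and not part of the original report). It follows the server-side rules of RFC 5746 section 3.7 for a ClientHello received during secure renegotiation; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import hmac
import struct

SCSV = 0x00FF                # TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value
RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension type

def parse_client_hello(msg):
    """Return (cipher_suites, {ext_type: ext_data}) for a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a well-formed ClientHello")
    pos = 4 + 2 + 32                   # handshake header, client_version, random
    pos += 1 + msg[pos]                # session_id
    n = int.from_bytes(msg[pos:pos + 2], "big")
    suites = [int.from_bytes(msg[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + msg[pos]                # compression_methods
    exts = {}
    if pos < len(msg):                 # the extensions block is optional
        end = pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", msg, pos)
            exts[etype] = msg[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    return suites, exts

def renegotiation_verdict(msg, saved_client_verify_data):
    """Alert to send for a ClientHello received during secure renegotiation, or None."""
    suites, exts = parse_client_hello(msg)
    if SCSV in suites:                 # must be absent, even if renegotiation_info is valid
        return "handshake_failure"
    ri = exts.get(RENEGOTIATION_INFO)
    if ri is None or len(ri) < 1 or ri[0] != len(ri) - 1:
        return "handshake_failure"     # missing (or, as a choice made here, malformed)
    if not hmac.compare_digest(ri[1:], saved_client_verify_data):
        return "handshake_failure"
    return None

def build_client_hello(suites, verify_data=None):
    """Constructed sample input: a minimal TLS 1.2 ClientHello, not captured traffic."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                # one compression method: null
    if verify_data is not None:
        ri = bytes([len(verify_data)]) + verify_data
        ext = struct.pack("!HH", RENEGOTIATION_INFO, len(ri)) + ri
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

print(renegotiation_verdict(build_client_hello([0x002F, SCSV], bytes(range(12))), bytes(range(12))))
```

A truncated message raises an exception here instead of returning a verdict; a server would map that to its own decoding-error path.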