[gnutls-devel] GnuTLS | Unexpected TLS packet during handshake with Twitter.com (#841)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Sep 28 21:09:02 CEST 2019



IBBoard created an issue: https://gitlab.com/gnutls/gnutls/issues/841



## Description of problem:

I *think* I might be having a similar bug to #822, but it's from Twitter and it's happening the opposite way around for the expected/received types. Also, it can happen as soon as the app loads rather than after a prolonged period of not being used.

My Twitter client currently errors at irregular intervals when accessing the Twitter API because it gets an out of sequence packet for its current state.

## Version of gnutls used:
3.6.9

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
openSUSE Tumbleweed

## How reproducible:

Steps to Reproduce:

 * Install Cawbird (https://ibboard.co.uk/cawbird/)
 * Run `cawbird` from a terminal to see the logging
 * Log in to your Twitter account
 * Load individual tweet by double-clicking on it, click back
 * Go back to previous step

(Sorry, I don't have a smaller test case yet, but tweet loading is passive)

## Actual results:

Eventually, it will fail to load a tweet and something a bit like:

```
(cawbird:14730): cawbird-WARNING **: 11:43:55.926: Could not send tweet: Error performing TLS handshake: An unexpected TLS packet was received.

(cawbird:14730): cawbird-WARNING **: 11:43:55.926: ComposeTweetWindow.vala:310: Error 5151.4 (ComposeTweetWindow.vala.310): Error performing TLS handshake: An unexpected TLS packet was received.
```

will be printed to the terminal (but that specific error is from trying to send a tweet). If you're unlucky then the timeline will have failed to load when you started and it will have shown a similar error.

Based on packet capture, it happens when "New Session Ticket" and "Change Cipher Spec" are set on the Server Hello, but not on just "Change Cipher Spec". When running with `GNUTLS_DEBUG_LEVEL` set, I see:

```
gnutls[5]: REC[0x55bf5cb1e6b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 85
gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 85
gnutls[5]: REC[0x55bf5cb1e6b0]: Decrypted Packet[0] Handshake(22) with length: 85
gnutls[4]: HSK[0x55bf5cb1e6b0]: SERVER HELLO (2) was received. Length 81[81], frag offset 0, frag length: 81, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1161
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x55bf5cb1e6b0]: Server's version: 3.3
gnutls[4]: HSK[0x55bf5cb1e6b0]: SessionID length: 32
gnutls[4]: HSK[0x55bf5cb1e6b0]: SessionID: …
gnutls[4]: EXT[0x55bf5cb1e6b0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
gnutls[4]: HSK[0x55bf5cb1e6b0]: Safe renegotiation succeeded
gnutls[5]: REC[0x55bf5cb1e6b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 186
gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 186
gnutls[5]: REC[0x55bf5cb1e6b0]: Decrypted Packet[1] Handshake(22) with length: 186
gnutls[3]: ASSERT: record.c[recv_hello_request]:774
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1579
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1777
gnutls[3]: ASSERT: handshake.c[recv_handshake_final]:3272
gnutls[3]: ASSERT: handshake.c[handshake_client]:3074
gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1777
```

Compared to #822 I get the "Parsing extension 'Safe Renegotiation'", which succeeds, but then I get "Expected Packet ChangeCipherSpec(20)" and "Received Packet Handshake(22)" and a different set of asserts.

## Expected results:

GnuTLS handles the New Session Ticket packet and doesn't treat it as "unexpected".

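Added example (not part of the original report and not GnuTLS code): a small Python triage script that scans `GNUTLS_DEBUG_LEVEL` output for records whose received content type differs from the type the record layer expected, and collects the ASSERT lines that follow each mismatch. The function name `find_mismatches` is hypothetical; the sample lines are copied from the debug log in the report above.

```python
import re

# Lines copied from the GNUTLS_DEBUG_LEVEL output in the report above.
SAMPLE_LOG = """\
gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 85
gnutls[4]: HSK[0x55bf5cb1e6b0]: SERVER HELLO (2) was received. Length 81[81], frag offset 0, frag length: 81, sequence: 0
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1161
gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 186
gnutls[3]: ASSERT: record.c[recv_hello_request]:774
gnutls[3]: ASSERT: handshake.c[recv_handshake_final]:3272
"""

REC = re.compile(r"REC\[(0x[0-9a-f]+)\]: (Expected|Received) Packet (\w+)\((\d+)\)")
ASSERT = re.compile(r"ASSERT: (\S+?)\[(\w+)\]:(\d+)")

def find_mismatches(log_text):
    """Return one dict per record whose received type differs from the expected one."""
    expected = {}    # session pointer -> (name, type) the record layer is waiting for
    findings = []
    current = None   # latest mismatch; ASSERT lines carry no session id, so this is a heuristic
    for line in log_text.splitlines():
        m = REC.search(line)
        if m:
            session, kind, name, num = m.group(1), m.group(2), m.group(3), int(m.group(4))
            if kind == "Expected":
                expected[session] = (name, num)
                current = None
            elif session in expected and expected[session][1] != num:
                current = {"session": session, "expected": expected[session],
                           "received": (name, num), "asserts": []}
                findings.append(current)
            continue
        a = ASSERT.search(line)
        if a and current is not None:
            current["asserts"].append(f"{a.group(1)}:{a.group(2)}:{a.group(3)}")
    return findings

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG):
        print(f"{f['session']}: expected {f['expected']}, got {f['received']}")
        print("  assert trail:", " -> ".join(f["asserts"]))
```

In a log with several interleaved sessions, the ASSERT attribution is approximate because those lines do not include the session pointer.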