<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">When GnuTLS is forced to perform HRR, it sends a second Client Hello with the version field set to 0x7f1c (TLS 1.3 draft 28). This breaks the connection, as the first and second Client Hello must be identical with only a few exceptions; it is also a protocol violation, as the new versions may appear only in the <code>supported_versions</code> extension.</p>
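<p dir="auto">Added example, not code from this issue, GnuTLS or tlslite-ng: a checker for the RFC 8446 section 4.1.2 rule that the tlslite-ng server applies here, run over constructed hellos (the ClientHello model, the extension bodies and the random value are assumptions) that reproduce the reported legacy_version change:</p>

```python
# Added example (not GnuTLS or tlslite-ng code): check a post-HRR ClientHello
# against the first one under RFC 8446 section 4.1.2, the rule the server in
# the report enforces. ClientHello is a simplified, constructed model.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TLS12 = (3, 3)  # legacy_version stays 0x0303; real versions go in extension 43
KEY_SHARE, PRE_SHARED_KEY, COOKIE, EARLY_DATA, PADDING = 51, 41, 44, 42, 21
SUPPORTED_VERSIONS, SUPPORTED_GROUPS = 43, 10

@dataclass
class ClientHello:
    legacy_version: Tuple[int, int]
    random: bytes
    cipher_suites: List[int]
    extensions: Dict[int, bytes] = field(default_factory=dict)  # type -> body

def check_second_hello(first: ClientHello, second: ClientHello) -> List[str]:
    """Return the RFC 8446 4.1.2 violations; an empty list means acceptable."""
    problems = []
    if second.legacy_version != TLS12 or second.legacy_version != first.legacy_version:
        problems.append("legacy_version %r: must stay (3, 3)" % (second.legacy_version,))
    if first.random != second.random:
        problems.append("random changed")
    if first.cipher_suites != second.cipher_suites:
        problems.append("cipher_suites changed")
    for ext in sorted(set(first.extensions) | set(second.extensions)):
        a, b = first.extensions.get(ext), second.extensions.get(ext)
        if a == b:
            continue
        if ext == COOKIE and a is None:
            continue  # cookie echoed from the HRR is new by design
        if ext == EARLY_DATA and b is None:
            continue  # early_data is dropped after an HRR
        if ext in (KEY_SHARE, PRE_SHARED_KEY, PADDING) and None not in (a, b):
            continue  # body may change, but the extension may not appear or vanish
        problems.append("extension %d changed: %r -> %r" % (ext, a, b))
    return problems

# Constructed hellos mirroring the report: same random, draft 28 only in ext 43,
# the second hello replacing its key_share and adding the cookie from the HRR.
RANDOM = bytes(range(32))
FIRST = ClientHello(TLS12, RANDOM, [0x1302, 0x1303], {
    SUPPORTED_GROUPS: b"\x00\x04\x00\x17\x00\x18", KEY_SHARE: b"\x00\x00",
    SUPPORTED_VERSIONS: b"\x04\x03\x04\x7f\x1c"})
CORRECT_SECOND = ClientHello(TLS12, RANDOM, FIRST.cipher_suites, {
    **FIRST.extensions, KEY_SHARE: b"<secp384r1 share>", COOKIE: b"<cookie>"})
GNUTLS_SECOND = ClientHello((127, 28), RANDOM, FIRST.cipher_suites,
                            CORRECT_SECOND.extensions)  # the reported behaviour
```

<p dir="auto"><code>check_second_hello(FIRST, GNUTLS_SECOND)</code> reports only the legacy_version change, which is exactly the mismatch that makes the server send the <code>illegal_parameter</code> alert seen below.</p>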
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/commit/4e87865c0152a98b899272dbe7cf3a459e04b351" data-original="4e87865c0152a98b899272dbe7cf3a459e04b351" data-link="false" data-link-reference="false" data-project="179611" data-commit="4e87865c0152a98b899272dbe7cf3a459e04b351" data-reference-type="commit" data-container="body" data-placement="bottom" title="certtool: added example of converting to DER in manpage" class="gfm gfm-commit has-tooltip">4e87865c</a></p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">local compile, Fedora 27</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>use tlslite-ng (master, 02852484e5ca), reconfigure it using the following patch to force sending HRR:
<pre class="code highlight js-syntax-highlight diff" lang="diff" v-pre="true"><code><span id="LC1" class="line" lang="diff"><span class="gh">diff --git a/tlslite/handshakesettings.py b/tlslite/handshakesettings.py</span></span>
<span id="LC2" class="line" lang="diff"><span class="gh">index ccf08d6..821277f 100644</span></span>
<span id="LC3" class="line" lang="diff"><span class="gd">--- a/tlslite/handshakesettings.py</span></span>
<span id="LC4" class="line" lang="diff"><span class="gi">+++ b/tlslite/handshakesettings.py</span></span>
<span id="LC5" class="line" lang="diff"><span class="gu">@@ -213,11 +213,11 @@ class HandshakeSettings(object):</span></span>
<span id="LC6" class="line" lang="diff">         self.rsaSigHashes = list(RSA_SIGNATURE_HASHES)</span>
<span id="LC7" class="line" lang="diff">         self.rsaSchemes = list(RSA_SCHEMES)</span>
<span id="LC8" class="line" lang="diff">         # DH key settings</span>
<span id="LC9" class="line" lang="diff"><span class="gd">-        self.eccCurves = list(CURVE_NAMES)</span></span>
<span id="LC10" class="line" lang="diff"><span class="gi">+        self.eccCurves = ['secp384r1']#list(CURVE_NAMES)</span></span>
<span id="LC11" class="line" lang="diff">         self.dhParams = None</span>
<span id="LC12" class="line" lang="diff">         self.dhGroups = list(ALL_DH_GROUP_NAMES)</span>
<span id="LC13" class="line" lang="diff"><span class="gd">-        self.defaultCurve = "secp256r1"</span></span>
<span id="LC14" class="line" lang="diff"><span class="gd">-        self.keyShares = ["secp256r1", "x25519"]</span></span>
<span id="LC15" class="line" lang="diff"><span class="gi">+        self.defaultCurve = "secp384r1"</span></span>
<span id="LC16" class="line" lang="diff"><span class="gi">+        self.keyShares = []#["secp256r1", "x25519"]</span></span>
<span id="LC17" class="line" lang="diff">         self.padding_cb = None</span>
<span id="LC18" class="line" lang="diff"> </span>
<span id="LC19" class="line" lang="diff">     def _init_misc_extensions(self):</span>
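Review bot: the original values are kept as trailing comments on the `+` lines (`#list(CURVE_NAMES)`, `#["secp256r1", "x25519"]`), which is fine for a throwaway reproduction patch but makes the intent hard to read; the same effect, forcing an HRR by advertising a single curve and no key_share entries, could be obtained by setting `eccCurves` and `keyShares` on the HandshakeSettings instance the server script uses instead of editing the class defaults.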
<span id="LC20" class="line" lang="diff"><span class="gh">diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py</span></span>
<span id="LC21" class="line" lang="diff"><span class="gh">index 154bbcf..e71fdd5 100644</span></span>
<span id="LC22" class="line" lang="diff"><span class="gd">--- a/tlslite/tlsconnection.py</span></span>
<span id="LC23" class="line" lang="diff"><span class="gi">+++ b/tlslite/tlsconnection.py</span></span>
<span id="LC24" class="line" lang="diff"><span class="gu">@@ -3060,6 +3060,8 @@ class TLSConnection(TLSRecordLayer):</span></span>
<span id="LC25" class="line" lang="diff">                     clientHello1.extensions.remove(old_ext)</span>
<span id="LC26" class="line" lang="diff"> </span>
<span id="LC27" class="line" lang="diff">                 if clientHello1 != clientHello:</span>
<span id="LC28" class="line" lang="diff"><span class="gi">+                    print("old hello: {0!r}".format(clientHello1))</span></span>
<span id="LC29" class="line" lang="diff"><span class="gi">+                    print("new hello: {0!r}".format(clientHello))</span></span>
<span id="LC30" class="line" lang="diff">                     for result in self._sendError(AlertDescription</span>
<span id="LC31" class="line" lang="diff">                                                   .illegal_parameter,</span>
<span id="LC32" class="line" lang="diff">                                                   "Old Client Hello does not "</span></code></pre>
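<p dir="auto">Review bot: the two added <code>print</code> calls dump the entire ClientHello via <code>{0!r}</code> to stdout, including the 32-byte random and the raw key_share bytes, which is what makes the server log in this report so long; that is adequate for a reproduction, but if the diagnostic is to stay, put a short description of the mismatching fields into the error string passed with the <code>illegal_parameter</code> alert (the <code>"Old Client Hello does not "</code> message on the following lines) so the reason reaches the peer and the log without the two hex blobs.</p>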
</li>
<li>start server: <code>PYTHONPATH=. python scripts/tls.py server -c tests/serverX509Cert.pem -k tests/serverX509Key.pem localhost:4433</code>
</li>
<li>connect gnutls: <code>src/gnutls-cli --insecure --port 4433 --resume --priority NORMAL:+VERS-TLS1.3 localhost</code>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">Processed 0 CA certificate(s).</span>
<span id="LC2" class="line" lang="plaintext">Resolving 'localhost:4433'...</span>
<span id="LC3" class="line" lang="plaintext">Connecting to '::1:4433'...</span>
<span id="LC4" class="line" lang="plaintext">Connecting to '127.0.0.1:4433'...</span>
<span id="LC5" class="line" lang="plaintext">*** Fatal error: A TLS fatal alert has been received.</span>
<span id="LC6" class="line" lang="plaintext">*** Received alert [47]: Illegal parameter</span>
<span id="LC7" class="line" lang="plaintext">*** handshake has failed: A TLS fatal alert has been received.</span></code></pre>
<p dir="auto">on server side:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">I am an HTTPS test server, I will listen on localhost:4433</span>
<span id="LC2" class="line" lang="plaintext">Serving files from /home/hkario/dev/tlslite-1</span>
<span id="LC3" class="line" lang="plaintext">Using certificate and private key...</span>
<span id="LC4" class="line" lang="plaintext">About to handshake...</span>
<span id="LC5" class="line" lang="plaintext">old hello: ClientHello(ssl2=False, client_version=(3.3), random=bytearray(b'K\xddly6\xf2\xcb\xb8\xc70H\xf3\xac\xdb\x19\x13\xfb\xd4\xb7\x07\xa0.\x0b\xb9\xbe\x98\x95\xfd+Df\xea'), session_id=bytearray(b''), cipher_suites=[4866, 4867, 4865, 4868, 49196, 52393, 49325, 49162, 49195, 49324, 49161, 49200, 52392, 49172, 49199, 49171, 157, 49309, 53, 156, 49308, 47, 159, 52394, 49311, 57, 158, 49310, 51], compression_methods=[0], extensions=[StatusRequestExtension(status_type=1, responder_id_list=[], request_extensions=bytearray(b'')), SupportedGroupsExtension(groups=[secp256r1, secp384r1, secp521r1, x25519, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe8192]), ECPointFormatsExtension(formats=[uncompressed]), SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha256, rsa_pss_pss_sha256, rsa_pss_rsae_sha256, (sha256, ecdsa), (8, 7), rsa_pkcs1_sha384, rsa_pss_pss_sha384, rsa_pss_rsae_sha384, (sha384, ecdsa), rsa_pkcs1_sha512, rsa_pss_pss_sha512, rsa_pss_rsae_sha512, (sha512, ecdsa), rsa_pkcs1_sha1, (sha1, ecdsa)]), TLSExtension(extType=22, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=23, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=35, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=51, extData=bytearray(b'\x00e\x00\x18\x00a\x04\xfc\xfb\x1e\xc9\x8e\xbf\xa2 \x90|\xae\xbd\x05\x92\x18\r\xc5\xb8PuK?Nv\x15\x1f\xe2\x8dp\xf3\x1b\x9e\xac\xc1!\x8d\x9e\xbeW&\xfd\x12v\x18XbK\xf6\xfb\x1f\xc6\x93\xff\xe2A|/0re%\xe9C\xb1\xf3d\x93\xaf\xa9V\xe1{XZ\x18\xed\x10\x83\x1a\xbd\x1d\xa9a\xb1\xdb\xeb\xb0`\xeb\x01=\x865\xe7%\x8e'), serverType=False, encExtType=False), SupportedVersionsExtension(versions=[(3, 3), (3, 2), (3, 1), (127, 28)]), RenegotiationInfoExtension(len(renegotiated_connection)=0), SNIExtension(serverNames=[ServerName(name_type=0, name=bytearray(b'localhost'))]), CookieExtension(len(cookie)=32), PskKeyExchangeModesExtension(modes=[psk_dhe_ke, psk_ke])])</span>
<span id="LC6" class="line" lang="plaintext">new hello: ClientHello(ssl2=False, client_version=(127.28), random=bytearray(b'K\xddly6\xf2\xcb\xb8\xc70H\xf3\xac\xdb\x19\x13\xfb\xd4\xb7\x07\xa0.\x0b\xb9\xbe\x98\x95\xfd+Df\xea'), session_id=bytearray(b''), cipher_suites=[4866, 4867, 4865, 4868, 49196, 52393, 49325, 49162, 49195, 49324, 49161, 49200, 52392, 49172, 49199, 49171, 157, 49309, 53, 156, 49308, 47, 159, 52394, 49311, 57, 158, 49310, 51], compression_methods=[0], extensions=[StatusRequestExtension(status_type=1, responder_id_list=[], request_extensions=bytearray(b'')), SupportedGroupsExtension(groups=[secp256r1, secp384r1, secp521r1, x25519, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe8192]), ECPointFormatsExtension(formats=[uncompressed]), SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha256, rsa_pss_pss_sha256, rsa_pss_rsae_sha256, (sha256, ecdsa), (8, 7), rsa_pkcs1_sha384, rsa_pss_pss_sha384, rsa_pss_rsae_sha384, (sha384, ecdsa), rsa_pkcs1_sha512, rsa_pss_pss_sha512, rsa_pss_rsae_sha512, (sha512, ecdsa), rsa_pkcs1_sha1, (sha1, ecdsa)]), TLSExtension(extType=22, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=23, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=35, extData=bytearray(b''), serverType=False, encExtType=False), TLSExtension(extType=51, extData=bytearray(b'\x00e\x00\x18\x00a\x04\xfc\xfb\x1e\xc9\x8e\xbf\xa2 \x90|\xae\xbd\x05\x92\x18\r\xc5\xb8PuK?Nv\x15\x1f\xe2\x8dp\xf3\x1b\x9e\xac\xc1!\x8d\x9e\xbeW&\xfd\x12v\x18XbK\xf6\xfb\x1f\xc6\x93\xff\xe2A|/0re%\xe9C\xb1\xf3d\x93\xaf\xa9V\xe1{XZ\x18\xed\x10\x83\x1a\xbd\x1d\xa9a\xb1\xdb\xeb\xb0`\xeb\x01=\x865\xe7%\x8e'), serverType=False, encExtType=False), SupportedVersionsExtension(versions=[(3, 3), (3, 2), (3, 1), (127, 28)]), RenegotiationInfoExtension(len(renegotiated_connection)=0), SNIExtension(serverNames=[ServerName(name_type=0, name=bytearray(b'localhost'))]), CookieExtension(len(cookie)=32), PskKeyExchangeModesExtension(modes=[psk_dhe_ke, psk_ke])])</span>
<span id="LC7" class="line" lang="plaintext">----------------------------------------</span>
<span id="LC8" class="line" lang="plaintext">Exception happened during processing of request from ('127.0.0.1', 46552)</span>
<span id="LC9" class="line" lang="plaintext">Traceback (most recent call last):</span>
<span id="LC10" class="line" lang="plaintext">  File "/usr/lib64/python2.7/SocketServer.py", line 596, in process_request_thread</span>
<span id="LC11" class="line" lang="plaintext">    self.finish_request(request, client_address)</span>
<span id="LC12" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/integration/tlssocketservermixin.py", line 55, in finish_request</span>
<span id="LC13" class="line" lang="plaintext">    if self.handshake(tlsConnection) == True:</span>
<span id="LC14" class="line" lang="plaintext">  File "scripts/tls.py", line 500, in handshake</span>
<span id="LC15" class="line" lang="plaintext">    sni=sni)</span>
<span id="LC16" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsconnection.py", line 1694, in handshakeServer</span>
<span id="LC17" class="line" lang="plaintext">    nextProtos=nextProtos, anon=anon, alpn=alpn, sni=sni):</span>
<span id="LC18" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsconnection.py", line 1723, in handshakeServerAsync</span>
<span id="LC19" class="line" lang="plaintext">    for result in self._handshakeWrapperAsync(handshaker, checker):</span>
<span id="LC20" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsconnection.py", line 3462, in _handshakeWrapperAsync</span>
<span id="LC21" class="line" lang="plaintext">    for result in handshaker:</span>
<span id="LC22" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsconnection.py", line 1767, in _handshakeServerAsyncHelper</span>
<span id="LC23" class="line" lang="plaintext">    anon, alpn, sni):</span>
<span id="LC24" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsconnection.py", line 3067, in _serverGetClientHello</span>
<span id="LC25" class="line" lang="plaintext">    "Old Client Hello does not "</span>
<span id="LC26" class="line" lang="plaintext">  File "/home/hkario/dev/tlslite-1/tlslite/tlsrecordlayer.py", line 581, in _sendError</span>
<span id="LC27" class="line" lang="plaintext">    raise TLSLocalAlert(alert, errorStr)</span>
<span id="LC28" class="line" lang="plaintext">TLSLocalAlert: illegal_parameter: Old Client Hello does not match the updated Client Hello</span>
<span id="LC29" class="line" lang="plaintext">----------------------------------------</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">Connection established</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
<a href="https://gitlab.com/gnutls/gnutls/issues/535">View this issue on GitLab</a>.
</p>
</div>
</body>
</html>