<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">When a client tries to resume a TLS 1.2 session (using session ID) without advertising cipher used in previous session, gnutls continues resumption while picking cipher from the resumed session. This is RFC 5246 violation.</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/commit/435437ad94723612deb1e238379d457b2456d83f" data-original="435437ad94723612deb1e238379d457b2456d83f" data-link="false" data-link-reference="false" data-project="179611" data-commit="435437ad94723612deb1e238379d457b2456d83f" data-reference-type="commit" data-container="body" data-placement="bottom" title="Merge branch 'tmp-comment-style' into 'master'" class="gfm gfm-commit has-tooltip">435437ad</a></p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">manual compile on Fedora</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">always</p>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>run tlsfuzzer <code>test-resumption-with-wrong-ciphers.py</code> from <a href="https://github.com/tomato42/tlsfuzzer/pull/487" rel="nofollow noreferrer noopener" target="_blank">https://github.com/tomato42/tlsfuzzer/pull/487</a>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">sanity ...</span>
<span id="LC2" class="line" lang="plaintext">OK</span>
<span id="LC3" class="line" lang="plaintext"></span>
<span id="LC4" class="line" lang="plaintext">sanity - session ID resume ...</span>
<span id="LC5" class="line" lang="plaintext">OK</span>
<span id="LC6" class="line" lang="plaintext"></span>
<span id="LC7" class="line" lang="plaintext">resumption of safe session with NULL cipher ...</span>
<span id="LC8" class="line" lang="plaintext">Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f58a157b3d0> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f58a157b410>) with last message being: <tlslite.messages.Message object at 0x7f58a157b950></span>
<span id="LC9" class="line" lang="plaintext">Error while processing</span>
<span id="LC10" class="line" lang="plaintext">Traceback (most recent call last):</span>
<span id="LC11" class="line" lang="plaintext"> File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main</span>
<span id="LC12" class="line" lang="plaintext"> runner.run()</span>
<span id="LC13" class="line" lang="plaintext"> File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run</span>
<span id="LC14" class="line" lang="plaintext"> RecordHeader2)))</span>
<span id="LC15" class="line" lang="plaintext">AssertionError: Unexpected message from peer: Handshake(server_hello)</span>
<span id="LC16" class="line" lang="plaintext"></span>
<span id="LC17" class="line" lang="plaintext">sanity - aes-256 cipher ...</span>
<span id="LC18" class="line" lang="plaintext">OK</span>
<span id="LC19" class="line" lang="plaintext"></span>
<span id="LC20" class="line" lang="plaintext">resumption with cipher from old CH but not selected by server ...</span>
<span id="LC21" class="line" lang="plaintext">Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f58a15f3e50> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f58a15f3e90>) with last message being: <tlslite.messages.Message object at 0x7f58a15b7cd0></span>
<span id="LC22" class="line" lang="plaintext">Error while processing</span>
<span id="LC23" class="line" lang="plaintext">Traceback (most recent call last):</span>
<span id="LC24" class="line" lang="plaintext"> File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main</span>
<span id="LC25" class="line" lang="plaintext"> runner.run()</span>
<span id="LC26" class="line" lang="plaintext"> File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run</span>
<span id="LC27" class="line" lang="plaintext"> RecordHeader2)))</span>
<span id="LC28" class="line" lang="plaintext">AssertionError: Unexpected message from peer: Handshake(server_hello)</span>
<span id="LC29" class="line" lang="plaintext"></span>
<span id="LC30" class="line" lang="plaintext">sanity ...</span>
<span id="LC31" class="line" lang="plaintext">OK</span>
<span id="LC32" class="line" lang="plaintext"></span>
<span id="LC33" class="line" lang="plaintext">Misbehaving client session resumption script</span>
<span id="LC34" class="line" lang="plaintext">Check if server detects a misbehaving client in session resumption</span>
<span id="LC35" class="line" lang="plaintext"></span>
<span id="LC36" class="line" lang="plaintext">Reproducer for CVE-2010-4180</span>
<span id="LC37" class="line" lang="plaintext"></span>
<span id="LC38" class="line" lang="plaintext">version: 1</span>
<span id="LC39" class="line" lang="plaintext"></span>
<span id="LC40" class="line" lang="plaintext">Test end</span>
<span id="LC41" class="line" lang="plaintext">successful: 4</span>
<span id="LC42" class="line" lang="plaintext">failed: 2</span>
<span id="LC43" class="line" lang="plaintext"> 'resumption of safe session with NULL cipher'</span>
<span id="LC44" class="line" lang="plaintext"> 'resumption with cipher from old CH but not selected by server'</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">all pass</p>
<p dir="auto">If the server recognised the session, it needs to verify that the new Client Hello can be used to resume old session and abort with <code>illegal_parameter</code> if it isn't.</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/657">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/04498040adc1ad92a352a5402823ae4a/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/657"}}</script>
</p>
</div>
</body>
</html>