<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:<br>
<blockquote type="cite"
cite="mid:CAFTmK8FHgp5f=jgz3PTiNHoBx8_+z8p8SfHTuGCNV1DwiVjPJw@mail.gmail.com">
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">Hi,</p>
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">I
am sending a TLS 1.3 client hello, and am seeing an issue with<br>
</p>
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">ossl_statem_client_write_transition
in statem_clnt.c.</p>
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px"><br>
</p>
<div
style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">
/*<br>
* Note that immediately before/after a ClientHello we don't
know what<br>
* version we are going to negotiate yet, so we don't take
this branch until<br>
* later<br>
*/<br>
<br>
<div>/*<br>
* ossl_statem_client_write_transition() works out what
handshake state to<br>
* move to next when the client is writing messages to be sent
to the server.<br>
*/<br>
WRITE_TRAN ossl_statem_client_write_transition(SSL *s)<br>
{<br>
</div>
<br>
if (SSL_IS_TLS13(s))<br>
return ossl_statem_client13_write_transition(s);</div>
<div
style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">}</div>
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">And
in:</p>
<p style="font-family:Calibri,Helvetica,sans-serif;font-size:16px"><br>
</p>
<div
style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">/*<br>
* ossl_statem_client_write_transition() works out what
handshake state to<br>
* move to next when the client is writing messages to be sent
to the server.<br>
*/<br>
WRITE_TRAN ossl_statem_client_write_transition(SSL *s)<br>
{<br>
<br>
<div> /*<br>
* Note: There are no cases for TLS_ST_BEFORE because we
haven't negotiated<br>
* TLSv1.3 yet at that point. They are handled by<br>
* ossl_statem_client_write_transition().<br>
*/<br>
</div>
<br>
<div> switch (st->hand_state) {<br>
default:<br>
/* Shouldn't happen */<br>
return WRITE_TRAN_ERROR;<br>
<br>
}<br>
<br>
With a TLS 1.3 client hello, using TLS 1.3 version, the
st->hand_state is </div>
</div>
</blockquote>
<br>
Sorry, I just want to clarify what you are doing -- are you taking
SSL_CTX_new(TLS_method()) and then calling
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) and
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)?<br>
<br>
I note that there is no version-specific TLSv1_3_method() available,
and in any case, it's of questionable wisdom to attempt to force TLS
1.3 only while the specification is still in draft status -- in any
case where the client and server implementations are not tightly
controlled, negotiation failures seem quite likely.<br>
<br>
<blockquote type="cite"
cite="mid:CAFTmK8FHgp5f=jgz3PTiNHoBx8_+z8p8SfHTuGCNV1DwiVjPJw@mail.gmail.com">
<div
style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">
<div>TLS_ST_BEFORE and so, the default error is returned.<br>
<br>
When I added:<br>
<br>
<div> case TLS_ST_BEFORE:<br>
st->hand_state = TLS_ST_CW_CLNT_HELLO;<br>
return WRITE_TRAN_CONTINUE;<br>
<br>
</div>
</div>
</div>
</blockquote>
<br>
The reason there is not currently a case for TLS_ST_BEFORE is that
whether or not we're going to be using TLS 1.3 is supposed to be
determined on the server as part of version negotiation, so when
we're sending a ClientHello, our version is in an indeterminate
status -- the general-purpose TLS method must be used at that part
of the handshake.<br>
<br>
<blockquote type="cite"
cite="mid:CAFTmK8FHgp5f=jgz3PTiNHoBx8_+z8p8SfHTuGCNV1DwiVjPJw@mail.gmail.com">
<div
style="font-family:Calibri,Helvetica,sans-serif;font-size:16px">
<div>
<div>The client hello gets sent out, but I only saw a TLS 1.2
version being sent.</div>
<div>Is this a bug?<br>
</div>
</div>
</div>
</blockquote>
<br>
The legacy_version field in a TLS 1.3 ClientHello will be 0x0303,
matching the historical value for TLS 1.2. The actual list of
versions is conveyed in a "supported_versions" extension, which is
what you need to be looking at.<br>
<br>
-Ben<br>
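<br>
The point above (legacy_version stays 0x0303 while the real offer lives in supported_versions) can be checked directly on the wire. The following parser is an added example, not part of the thread or of OpenSSL; the ClientHello it inspects is a constructed sample built by the helper, and the extension type 43 for supported_versions is the value assigned in the TLS 1.3 drafts (later RFC 8446).<br>

```python
import struct

SUPPORTED_VERSIONS = 0x002b  # supported_versions extension type (TLS 1.3 drafts / RFC 8446)

def build_client_hello(versions, legacy_version=0x0303):
    """Build a minimal ClientHello record (constructed sample, not a real capture).
    If 'versions' is empty, no extensions block is emitted at all (pre-1.3 style)."""
    ext = b""
    if versions:
        ext_body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS, len(ext_body)) + ext_body
    body = (struct.pack("!H", legacy_version)
            + b"\x11" * 32                          # 32-byte random (constructed)
            + b"\x00"                               # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"    # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                           # compression_methods: null only
            + (struct.pack("!H", len(ext)) + ext if ext else b""))
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record: handshake(22)

def parse_client_hello(record):
    """Return (legacy_version, offered versions) from a raw ClientHello record.
    The offered list is empty when supported_versions is absent."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                           # skip random
    pos += 1 + body[pos]                                   # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                                   # compression_methods
    versions = []
    if pos < len(body):                                    # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            if etype == SUPPORTED_VERSIONS:
                n = data[0]                                # 1-byte length of the version list
                versions = [struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]
            pos += 4 + elen
    return legacy_version, versions
```

A client that negotiates TLS 1.3 shows 0x0303 in legacy_version and 0x0304 in the returned list; a client without the extension returns an empty list and is what a TLS 1.2-only peer actually sees.<br>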
</body>
</html>