[openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST
Brian Smith
brian at briansmith.org
Wed Apr 1 20:53:10 UTC 2015
Emilia Käsper <emilia at openssl.org> wrote:
> On Fri, Mar 27, 2015 at 10:40 PM, Brian Smith <brian at briansmith.org> wrote:
>> If OpenSSL's client code were changed to always use an empty session
>> ID when attempting resumption using a session ticket, then the
>> EAP-FAST case wouldn't be different from the general session ticket
>> resumption case. I think that this is a cleaner approach.
>
> 1) The way EAP-FAST diverges from 5246 and 5077 is indeed quite
> unfortunate. The lookahead is messy, and hard to get right - I don't want
> another "early CCS" due to lack of determinism in the state machine. Setting
> the session ID is much cleaner. So, I'd rather put in a workaround that is
> specific to EAP-FAST and doesn't affect regular handshakes.
The added complexity of having a special case for EAP-FAST seems worse
to me. After all, it's not OK to have EAP-FAST be non-secure, and so
it is important to have the no-session-ID case be correct regardless.
> 2) Removing the session ID upon resumption would be a big change in
> behaviour that I don't think would qualify for a stable branch anyway unless
> there was a security or regression issue behind it.
Fair enough. I have no idea what the compatibility problems might
arise. If I have some time, I might try to change one of the web
browsers to do this, to see what happens. If I do, I'll report back.
Cheers,
Brian
More information about the openssl-dev
mailing list