[openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

Emilia Käsper emilia at openssl.org
Tue Apr 21 17:46:24 UTC 2015


On Wed, Apr 1, 2015 at 10:53 PM, Brian Smith <brian at briansmith.org> wrote:

> Emilia Käsper <emilia at openssl.org> wrote:
> > On Fri, Mar 27, 2015 at 10:40 PM, Brian Smith <brian at briansmith.org>
> wrote:
> >> If OpenSSL's client code were changed to always use an empty session
> >> ID when attempting resumption using a session ticket, then the
> >> EAP-FAST case wouldn't be different from the general session ticket
> >> resumption case. I think that this is a cleaner approach.
> >
> > 1)  The way EAP-FAST diverges from 5246 and 5077 is indeed quite
> > unfortunate. The lookahead is messy, and hard to get right - I don't want
> > another "early CCS" due to lack of determinism in the state machine.
> Setting
> > the session ID is much cleaner. So, I'd rather put in a workaround that
> is
> > specific to EAP-FAST and doesn't affect regular handshakes.
>
> The added complexity of having a special case for EAP-FAST seems worse
> to me. After all, it's not OK to have EAP-FAST be non-secure, and so
> it is important to have the no-session-ID case be correct regardless.
>

This has now been fixed in commit 6e3d015363ed09c4eff5c02ad41153387ffdf5af
and cherry-picked to stable branches.

I certainly hope it's correct! I've done my best to make it so.

Cheers,
Emilia


> > 2) Removing the session ID upon resumption would be a big change in
> > behaviour that I don't think would qualify for a stable branch anyway
> unless
> > there was a security or regression  issue behind it.
>
> Fair enough. I have no idea what the compatibility problems might
> arise. If I have some time, I might try to change one of the web
> browsers to do this, to see what happens. If I do, I'll report back.
>

> Cheers,
> Brian
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150421/04958565/attachment.html>


More information about the openssl-dev mailing list