[openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

Brian Smith brian at briansmith.org
Fri Mar 27 21:19:11 UTC 2015


Erik Tkal <etksubs at gmail.com> wrote:
> In order for EAP-FAST to work it seems that if the client does have a
> tls_session_secret that s->hit must NOT be set since there is no indication
> in the serverHello as to whether the session_ticket sent by the client is
> accepted by the server (the sessionTicket extension is not sent by the
> server in EAP-FAST)

[snip]

Although the RFC4851 (an informational RFC documenting EAP-FAST) does
not require the server to send the session ticket extension during
resumption, it is based on RFC4507/RFC5077 (which are on the standards
track), which *does* require the server to send the extension. So,
this is a bug in the non-conformant servers, not in the openssl
client.

The non-standard mechanism recommended by RFC4851 for distinguishing
resumption vs. full handshakes in EAP-FAST is quite unfortunate. We
should update RFC4851 to require standard RFC5077 semantics to be
used. Is there any effort underway to update RFC4851 for this or other
reasons? It is worth filing an errata against the document, at least.

It would be better to fix this bug on the server (by having them send
the session ticket extension during resumption as required by RFC
5077) than in the openssl client.

Cheers,
Brian
