[openssl-dev] [openssl.org #4069] Malformed Client Hello messages are accepted (custom message padding and length)

Hubert Kario via RT rt at openssl.org
Fri Oct 2 11:26:36 UTC 2015 

Current git checkout of 1.0.1, 1.0.2 and master accept malformed Client
Hello messages.

If the client sends a Client Hello message with extensions.length field
equal to 0, but padded with bytes
FF01 0001 00
then the Server Hello will contain the renegotiation_info extension.

This is in violation of RFC 3546 and RFC 4366 MUST:
   A server that supports the extensions mechanism MUST accept only
   client hello messages in either the original or extended ClientHello
   format, and (as for all other messages) MUST check that the amount of
   data in the message precisely matches one of these formats; if not
   then it MUST send a fatal "decode_error" alert.  This overrides the
   "Forward compatibility note" in [TLS].

as well as the RFC 5246 MUST clause:
   A server MUST accept ClientHello
   messages both with and without the extensions field, and (as for all
   other messages) it MUST check that the amount of data in the message
   precisely matches one of these formats; if not, then it MUST send a
   fatal "decode_error" alert.

Reproducer:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch
openssl s_server -key localhost.key -cert localhost.crt -www

in other console:
pip install --pre tlslite-ng
git clone https://github.com/tomato42/tlsfuzzer.git
cd tlsfuzzer
PYTHONPATH=. python scripts/test-truncating-of-client-hello.py

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151002/e93e5070/attachment.sig>
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

More information about the openssl-dev mailing list