[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Hubert Kario hkario at redhat.com
Fri Sep 25 14:14:46 UTC 2015


On Friday 25 September 2015 14:20:40 Hubert Kario wrote:
> On Friday 25 September 2015 11:40:27 Matt Caswell wrote:
> > On 25/09/15 11:25, Hubert Kario via RT wrote:
> > > On Friday 25 September 2015 10:47:42 Matt Caswell wrote:
> > >> However, I have some concerns with the wording of the RFC. It seems
> > >> to place no limits whatsoever on when it is valid to receive app
> > >> data in the handshake. By the wording in the RFC it would be valid
> > >> for app data to be received *after* the ChangeCipherSpec has been
> > >> received but *before* the Finished has been processed. This seems
> > >> dangerous to me because it is not until the Finished is processed
> > >> that we verify the handshake data MAC - and yet we could already
> > >> have acted upon app data received. I assume the intent was to
> > >> allow the interleaved app data only up until the point that the
> > >> CCS is received. I have attached a patch for 1.0.2 that implements
> > >> that logic.
> > > 
> > > yes, I think the only place in which the handshake protocol and
> > > application data _can't_ be interleaved is between the CCS and
> > > Finished.
> > 
> > It would be nice to have a test for that wouldn't it ;-)
> 
> yeah, but it will be hard to do, you know, with it requiring a TLS
> implementation to misbehave ;)
> 
> I'll make one as soon as I finish the test cases for record layer
> fragmentation of initial Client Hello (there are a few bugs there too)

and done, in the same repo just run
scripts/test-interleaved-application-data-in-renegotiation.py 
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
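
The rule the thread converges on (application data may interleave with a renegotiation handshake, except between the ChangeCipherSpec and Finished), sketched as a receive-side check. This is an added example, not part of the original message, OpenSSL's patch or the test script; `struct rec`, `enum phase` and `first_rejected_record` are hypothetical names, and the record sequences are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* TLS record content types and handshake message types (RFC 5246). */
enum { CT_CCS = 20, CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPDATA = 23 };
enum { HS_CLIENT_HELLO = 1, HS_CLIENT_KEY_EXCHANGE = 16, HS_FINISHED = 20 };

/* Hypothetical model of one incoming record; hs_type matters only for
 * CT_HANDSHAKE records. */
struct rec { int type; int hs_type; };

/* Receive-side phases of a single renegotiation (illustrative names). */
enum phase { BEFORE_CCS, CCS_TO_FINISHED, AFTER_FINISHED };

/* Return the index of the first record that must be refused, or -1 if
 * the whole sequence is acceptable. */
int first_rejected_record(const struct rec *r, size_t n)
{
    enum phase p = BEFORE_CCS;
    for (size_t i = 0; i < n; i++) {
        switch (r[i].type) {
        case CT_APPDATA:
            /* Interleaving is tolerated before the CCS and after Finished,
             * never while the handshake MAC is still unverified. */
            if (p == CCS_TO_FINISHED) return (int)i;
            break;
        case CT_CCS:
            if (p != BEFORE_CCS) return (int)i;   /* duplicate CCS */
            p = CCS_TO_FINISHED;
            break;
        case CT_HANDSHAKE:
            if (p == CCS_TO_FINISHED) {
                /* Only Finished may follow the CCS. */
                if (r[i].hs_type != HS_FINISHED) return (int)i;
                p = AFTER_FINISHED;
            }
            break;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed sequence: app data arrives between CCS and Finished. */
    struct rec bad[] = { {CT_HANDSHAKE, HS_CLIENT_HELLO}, {CT_APPDATA, 0},
        {CT_CCS, 0}, {CT_APPDATA, 0}, {CT_HANDSHAKE, HS_FINISHED} };
    printf("first rejected index: %d\n", first_rejected_record(bad, 5));
}
```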