[openssl-dev] ALPN and SNI callbacks in 1.0.2
tshort at akamai.com
Thu Mar 3 19:33:06 UTC 2016
We’ve run into an issue with the ALPN and SNI TLS extension callbacks in 1.0.2. The same behavior may be in master, but I have yet to check.
In summary, the ALPN selection callback is invoked before the SNI/servername callback, yet the ALPN value returned may be dependent on the server being connected to. In other words, ALPN may be broken for virtual servers.
There’s a comment in ssl_parse_clienthello_tlsext() that clearly states:
* Internally supported extensions are parsed first so SNI can be handled
* before custom extensions. An application processing SNI will typically
* switch the parent context using SSL_set_SSL_CTX and custom extensions
* need to be handled by the new SSL_CTX structure.
There are 4 functions that handle TLS extensions, and are invoked in the following order
* saves servername
* saves ec_point_formats
* saves elliptic_curve list
* saves opaque PRF input
* calls session ticket callback
* saves status request
* saves heartbeat
* notes NPN seen
* calls ALPN callback
* calls servername callback
* calls PRF callback
* parses custom extensions
* calls status callback
I would argue that ALPN data should be saved in ssl_scan_clienthello_tlsext() and processed in ssl_check_clienthello_tlsext_early() - after the servername callback
// tshort at akamai.com
// "One if by land, two if by sea, three if by the Internet."
More information about the openssl-dev