[openssl-project] Proto over ciphers or ciphers over proto? (was: The problem of (implicit) relinking and changed behaviour)

Richard Levitte levitte at openssl.org
Sun Apr 15 12:07:25 UTC 2018

In message <AM5PR0701MB265783557331E9B4355D0629E4B10 at AM5PR0701MB2657.eurprd07.prod.outlook.com> on Sun, 15 Apr 2018 06:24:48 +0000, Bernd Edlinger <bernd.edlinger at hotmail.de> said:

bernd.edlinger> One possible example of application failure that I am aware of is #5743:
bernd.edlinger> A certificate that is incompatible with TLS1.3 but works with TLS1.2.
bernd.edlinger> Admittedly that I did come up with that scenario only because I saw
bernd.edlinger> a possible issue per code inspection.

This touches an issue that's already mentioned in Matt's blog, and I
gotta ask how the protocols so be presented for negotiation are chosen
(yes, I know, I could dive into the code...  and I will unless there's
a quick answer).  Does libssl just pick the max version chosen (within
the range that we support unless the application has narrowed it
down), or does it also look at other facts, such as chosen server or
client certs to see what protocol version range would actually work
with those collected facts?  #5743 seems to say that libssl doesn't
look at such facts, and can end up in the absurd situation that things
stop working because it selected TLSv1.3 over TLSv1.2 when the latter
couldn't possibly work right, while TLSv1.2 does.

I can't really say what's right or wrong in this case, this really is
a philosophical question more than anything else.  Is it all right to
just pick a proto version that cannot work and then virtually flip it
to the unsuspecting application that wasn't prepared with better data
(such as a cert that's also valid in TLSv1.3) or is that essentially
wrong, even though easier to deal with in code?  Is that what libssl
is doing, or does it have more of a "look at all the facts" approach
before choosing the proto range to negotiate with the other end?


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list