[openssl-users] sendmail, openssl 1.1.1, tls1.3
Matt Caswell
matt at openssl.org
Wed Oct 17 14:37:53 UTC 2018
On 16/10/2018 05:19, Viktor Dukhovni wrote:
> [ Carl sent me the CA bundle off-list ] With the provided CA bundle
> I was able to easily reproduce the same symptoms with:
Please can someone send me the same CA bundle so that I might also
reproduce this?
Thanks
Matt
>
> $ openssl s_client -requestCAfile bundle.pem -connect localhost:12345
>
> Running this under a debugger the failure happens at certificate #143
> because the client hello packet overflows its maximum allocation:
>
> $6 = {
> buf = 0x0000000100724200
> staticbuf = 0x0000000000000000 <no value available>
> curr = 16364
> written = 16364
> maxsize = 16384
> subs = 0x0000000100727700
> }
>
> So even though the extension is allowed to be up to 2^16 bytes, it
> seems the client HELLO is expected to fit into a single TLS record
> of at most 16K bytes.
>
> Given enough crud in the CA bundle, and a client misconfigured to
> spill its guts to the server, by sending the names of all the
> trusted CAs, the limit is not too hard to exceed.
>
> The work-around is to send *zero* CA names to the server; Sendmail
> SHOULD NOT configure the SSL_CTX for the client connection with
> preferred CA names. If that is not configurable, then keep the
> CA file as short as possible, empty if possible, else just one
> root CA, and everything else in CApath (yes "hashed" with the
> various symlinks in place to each cert, one per file).
>
> As for the 16K limit, and whether we should be sending client
> CA names without further indication from the (TLS 1.3) client
> to do so, I'm hoping Matt Caswell and/or other team members
> will chime in.
>