OpenSSL regression when a servername callback is set
Dmitry Belyavsky
beldmit at gmail.com
Fri Jul 16 12:37:23 UTC 2021
Hello openssl-users,
We came across a change in OpenSSL 1.1.1j that has introduced a regression.
https://github.com/openssl/openssl/pull/13304 and
https://github.com/openssl/openssl/pull/13305 introduced the behaviour
change: when servername callback is set, we suppose that we are
TLS1.3-capable (see https://github.com/openssl/openssl/issues/13291 as
rationale)
When server has a secret key that is incompatible with TLS 1.3 (in our test
setup it was DSA, but we expect the same behavior with, e.g, Brainpool
curves) set in httpd, when connecting to it via s_client, we get an alert
in response to a ClientHello.
It can be invisible for end-users because of downgrade dance, but I wonder
if we have any real-life cases.
The relevant GH issue is https://github.com/openssl/openssl/issues/16075
Many thanks!
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210716/5f0f59b2/attachment.html>
More information about the openssl-users
mailing list