Description
Description
- Type: Bug
Bug
mbed TLS build:
Version: 2.7.0 (I assume it's also present in the newest build, as well as the previous ones)
When the negotiated ciphersuite is of the type TLS-ECDH-RSA-* (ECDH key exchange + RSA signed certificate), ECDSA signed certificates are accepted, which means that the ciphersuite technically becomes TLS-ECDH-ECDSA.
RFC 4492 states that in an ECDH_RSA key exchange, the certificate MUST be signed with RSA.
Proof Of Concept
Due to lack of time, I don't have time to submit a "pretty" POF, but here goes a sample client and server program. The client and the server accept a single argument: the id of the ciphersuite to use.
You can use 49201 (TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256), for example.
Here are the sources:
Simply compile both (if you place them in the programs/ssl directory and add the executables in CMake it should work fine.
- Compile
- Run
./server 49201 - Run
./client 49201 - Confirm that the connection is successful.
Note that the server is using the certificate (it's printed out to the console):
-----BEGIN CERTIFICATE-----
MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
fGa5kHvHARBPc8YAIVIqDvHH1Q==
-----END CERTIFICATE-----
which is signed with ecdsa-with-SHA256