Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

programs/ssl/ssl_server2 bug #8654

Closed
hey3e opened this issue Dec 22, 2023 · 3 comments
Closed

programs/ssl/ssl_server2 bug #8654

hey3e opened this issue Dec 22, 2023 · 3 comments
Labels
bug component-tls size-s Estimated task size: small (~2d)
Projects
Backlog for Mbed TLS

Comments

@hey3e
Copy link

hey3e commented Dec 22, 2023

Summary

programs/ssl/ssl_server2 refuses following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.

System information

Mbed TLS version (number or commit id): 3.4.0 f1c032a
Operating system and version: Ubuntu 22.04.2 LTS
Configuration (if not default, please attach mbedtls_config.h): #define MBEDTLS_SSL_PROTO_TLS1_3
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): default
Additional environment information: no

Expected behavior

programs/ssl/ssl_server2 allows following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.

Actual behavior

programs/ssl/ssl_server2 refuses following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.

Steps to reproduce

server: ./programs/ssl/ssl_server2
client: ./programs/ssl/ssl_client2 force_version=tls12
server shows Successful connection

Then, ctrl+c to close client, keep server running, restart client with ./programs/ssl/ssl_client2 force_version=tls13
server shows Last error was: -0x7780 - SSL - A fatal alert message was received from our peer

Additional information

Did not see this behavior in other tls implementations.
@hey3e hey3e mentioned this issue Jan 10, 2024
Closed
@yanesca
Copy link
Contributor

yanesca commented Jan 12, 2024

Form include/mbedtls/mbedtls_config.h:

* \def MBEDTLS_SSL_PROTO_TLS1_3
*
* Enable support for TLS 1.3.
*
* \note The support for TLS 1.3 is not comprehensive yet, in particular
*       pre-shared keys are not supported.
*       See docs/architecture/tls13-support.md for a description of the TLS
*       1.3 support that this option enables.

From docs/architecture/tls13-support.md:

  • Supported versions:
    - TLS 1.2 and TLS 1.3 with version negotiation on the client side, not server
    side.

In summary, the server side doesn't have version negotiation yet. This is a documented limitation of TLS 1.3 in the library, which is a feature still in development.

@ronald-cron-arm
Copy link
Contributor

Thanks for the report. I have checked and this is still relevant in 3.5 where we support version negotiation on server side. When a connection is closed, ssl_server2 uses mbedtls_ssl_session_reset() to reset the SSL context to prepare for the following connection. In mbedtls_ssl_session_reset() the TLS maximum negotiable version is not reset properly: if the last connection negotiated TLS 1.2 that's the new maximum.

@ronald-cron-arm ronald-cron-arm added this to [3.6] TLS 1.3 misc for LTS in EPICs for Mbed TLS Jan 12, 2024
@ronald-cron-arm ronald-cron-arm added the size-s Estimated task size: small (~2d) label Jan 12, 2024
@yanesca yanesca closed this as completed Feb 9, 2024
@tom-cosgrove-arm
Copy link
Contributor

Fixed released in Mbed TLS v3.6 by

commit ad736991bb59211118a29fe115367c24495300c2
Merge: 2f387e98a c522255e3
Author: Janos Follath <janos.follath@arm.com>
Date:   Fri Feb 9 16:04:59 2024 +0000

    Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset

    Reset properly the TLS maximum negotiable version

@minosgalanakis minosgalanakis added this to [3.6] TLS 1.3 misc for LTS in Backlog for Mbed TLS Apr 29, 2024
@minosgalanakis minosgalanakis removed this from [3.6] TLS 1.3 misc for LTS in EPICs for Mbed TLS Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug component-tls size-s Estimated task size: small (~2d)
Projects
Backlog for Mbed TLS
[3.6] TLS 1.3 misc for LTS
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yanesca @ronald-cron-arm @tom-cosgrove-arm @hey3e