programs/ssl/ssl_server2 refuses following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.
System information
Mbed TLS version (number or commit id): 3.4.0 f1c032a
Operating system and version: Ubuntu 22.04.2 LTS
Configuration (if not default, please attach mbedtls_config.h): #define MBEDTLS_SSL_PROTO_TLS1_3
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): default
Additional environment information: no
Expected behavior
programs/ssl/ssl_server2 allows following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.
Actual behavior
programs/ssl/ssl_server2 refuses following tls1.3 connections from a peer if that peer used to establish tls1.2 connections with the server previously.
Steps to reproduce
server: ./programs/ssl/ssl_server2
client: ./programs/ssl/ssl_client2 force_version=tls12
server shows Successful connection
Then, ctrl+c to close client, keep server running, restart client with ./programs/ssl/ssl_client2 force_version=tls13
server shows Last error was: -0x7780 - SSL - A fatal alert message was received from our peer
Additional information
Did not see this behavior in other tls implementations.
* \def MBEDTLS_SSL_PROTO_TLS1_3
*
* Enable support for TLS 1.3.
*
* \note The support for TLS 1.3 is not comprehensive yet, in particular
* pre-shared keys are not supported.
* See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables.
From docs/architecture/tls13-support.md:
Supported versions:
- TLS 1.2 and TLS 1.3 with version negotiation on the client side, not server
side.
In summary, the server side doesn't have version negotiation yet. This is a documented limitation of TLS 1.3 in the library, which is a feature still in development.
Thanks for the report. I have checked and this is still relevant in 3.5 where we support version negotiation on server side. When a connection is closed, ssl_server2 uses mbedtls_ssl_session_reset() to reset the SSL context to prepare for the following connection. In mbedtls_ssl_session_reset() the TLS maximum negotiable version is not reset properly: if the last connection negotiated TLS 1.2 that's the new maximum.
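The reset behaviour described in the comment above, as an added toy model in C (not Mbed TLS code and not from the thread). Every type and function name is hypothetical, and the single dual-use `version` field is a modelling assumption; the program replays the report's sequence against a reset that keeps the stale cap and one that restores it from the configuration.

```c
#include <stdio.h>

/* Toy model, not Mbed TLS code: every name here is hypothetical. */
enum { TOY_TLS12 = 0x0303, TOY_TLS13 = 0x0304 };
typedef struct { int min_version, max_version; } toy_conf; /* long-lived config */
typedef struct {
    const toy_conf *conf;
    /* Assumed dual-use field: before a handshake it caps what may be
     * negotiated; afterwards it holds the negotiated version. */
    int version;
    int handshake_done;
} toy_ctx;

/* Server side: pick the highest version both sides allow, or return -1. */
static int toy_handshake(toy_ctx *c, int client_min, int client_max)
{
    int hi = client_max < c->version ? client_max : c->version;
    int lo = client_min > c->conf->min_version ? client_min : c->conf->min_version;
    if (hi < lo)
        return -1;              /* no common version: handshake fails */
    c->version = hi;            /* the cap is overwritten by the negotiated version */
    c->handshake_done = 1;
    return hi;
}

/* Reset as described in the thread: connection state is cleared, the stale cap survives. */
static void toy_reset_buggy(toy_ctx *c) { c->handshake_done = 0; }
/* Reset that re-derives the cap from the configuration. */
static void toy_reset_fixed(toy_ctx *c) { c->handshake_done = 0; c->version = c->conf->max_version; }

/* The report's sequence: TLS 1.2-only client, reset, then a second client
 * offering [min2, max2]. Returns the second handshake's result. */
static int toy_replay(void (*reset)(toy_ctx *), int min2, int max2)
{
    toy_conf conf = { TOY_TLS12, TOY_TLS13 };
    toy_ctx ctx = { &conf, conf.max_version, 0 };
    if (toy_handshake(&ctx, TOY_TLS12, TOY_TLS12) != TOY_TLS12)
        return -2;
    reset(&ctx);
    return toy_handshake(&ctx, min2, max2);
}

int main(void)
{
    printf("buggy: %d, fixed: 0x%04x\n", toy_replay(toy_reset_buggy, TOY_TLS13, TOY_TLS13),
           (unsigned)toy_replay(toy_reset_fixed, TOY_TLS13, TOY_TLS13));
    return 0;
}
```

In this model a second client that offers both versions does not fail after the stale reset; it is capped at TLS 1.2 without any error, which is why a regression test for a reset path should assert the negotiated version and not only that the handshake succeeded.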