'TLS Unknown' message during negotiation for TLSv1.3 #2403
Comments
The content type is 257 (0x101) which is According to the SSL_CTX_set_msg_callback doc the content type is the first byte in buf in that case. The patch below helps for the handshake bit but it's still missing something because 23 shows as
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0d7baca..2c3e0d8 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1818,8 +1818,15 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
* always pass-up content-type as 0. But the interesting message-type
* is at 'buf[0]'.
*/
- if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
- tls_rt_name = tls_rt_type(content_type);
+ if(ssl_ver == SSL3_VERSION_MAJOR && content_type) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ if(content_type == SSL3_RT_INNER_CONTENT_TYPE && len == 1)
+ tls_rt_name = tls_rt_type(*(unsigned char *)buf);
+ else
+#endif
+ tls_rt_name = tls_rt_type(content_type);
+ }
else
tls_rt_name = "";
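Review bot: the #if guard is keyed to a version threshold ("OpenSSL 1.1.0+" per its own comment), yet SSL3_RT_INNER_CONTENT_TYPE only arises from TLS 1.3 record handling, which is what this issue is about; guarding on the macro itself (`#ifdef SSL3_RT_INNER_CONTENT_TYPE`) ties the build to the symbol's presence rather than to a version number and avoids a compile error on any header set that lacks it. A second point: when `content_type == SSL3_RT_INNER_CONTENT_TYPE` but `len != 1`, the code falls through to `tls_rt_type(content_type)` with the 0x101 pseudo-type, which is exactly the path that produced the "TLS Unknown" output being fixed; an explicit label for that unexpected-length case would make the trace say what happened instead of hiding it behind "Unknown".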
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH

Bug: curl#2403
Reported-by: iz8mbw@users.noreply.github.com
Closes #xxxx
Next draft in master...jay:fix_ossl111_trace. In the case of SSL3_RT_INNER_CONTENT_TYPE there's only one byte, which is actually the content type. In that case, rather than show for example output:
seems kind of superfluous, but OTOH it's verbose mode. Edit: in the most recent draft I changed it to
I think our
I don't know what the point of the inner content is if there's no actual content with it. Like, why would a user want to know TLS handshake if it's not telling what it's actually doing until the next callback? We are dumping that byte to the user, but maybe we should skip it. The doc says
Any more thoughts on this?
This seems to be a step forward for TLS 1.3.
Running curl 7.59.0 on Linux, built from source with OpenSSL v1.1.1-pre2 and nghttp2 v1.31.0.

curl -V
When curl connects to an HTTPS TLS1.3 website, during negotiation there are various "TLS Unknown" (IN or OUT) messages.
See here:
The curl connection is OK, but why these "TLS Unknown" messages?
"TLS Unknown" is not present for TLSv1.2; see here the same curl with TLSv1.2:
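The thread above comes down to one detail of OpenSSL's msg callback: with TLS 1.3 every encrypted record is reported as application data, and the real (inner) content type then arrives in a separate callback with content_type 0x101 and a one-byte buffer. The example below is an added illustration, not curl's code and not part of this issue; it models a verbose-mode trace that handles that callback so the record no longer prints as "TLS Unknown". The SSL3_RT_* and SSL3_MT_* values are copied from OpenSSL's public headers so the file builds without OpenSSL installed; the label strings, the function names trace_record_name and format_trace, and the callback sequence in main are this example's own constructions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Record-layer content types as SSL_CTX_set_msg_callback reports them.
   Values copied from OpenSSL's ssl3.h so this builds without OpenSSL headers;
   0x100 and 0x101 are pseudo-types that only the callback ever sees. */
#define SSL3_RT_CHANGE_CIPHER_SPEC 20
#define SSL3_RT_ALERT              21
#define SSL3_RT_HANDSHAKE          22
#define SSL3_RT_APPLICATION_DATA   23
#define SSL3_RT_HEADER             0x100
#define SSL3_RT_INNER_CONTENT_TYPE 0x101

/* Handshake message types, including the TLS 1.3 ones from the commit
   message in this thread (values from OpenSSL's ssl3.h). */
#define SSL3_MT_CLIENT_HELLO         1
#define SSL3_MT_SERVER_HELLO         2
#define SSL3_MT_NEWSESSION_TICKET    4
#define SSL3_MT_END_OF_EARLY_DATA    5
#define SSL3_MT_ENCRYPTED_EXTENSIONS 8
#define SSL3_MT_CERTIFICATE          11
#define SSL3_MT_CERTIFICATE_VERIFY   15
#define SSL3_MT_FINISHED             20
#define SSL3_MT_KEY_UPDATE           24
#define SSL3_MT_NEXT_PROTO           67
#define SSL3_MT_MESSAGE_HASH         254

/* Label for a record-layer content type (labels are this example's own). */
const char *tls_rt_type(int type)
{
  switch(type) {
  case SSL3_RT_HEADER:             return "TLS header";
  case SSL3_RT_CHANGE_CIPHER_SPEC: return "TLS change cipher";
  case SSL3_RT_ALERT:              return "TLS alert";
  case SSL3_RT_HANDSHAKE:          return "TLS handshake";
  case SSL3_RT_APPLICATION_DATA:   return "TLS app data";
  default:                         return "TLS Unknown";
  }
}

/* Label for a handshake message type, TLS 1.3 types included. */
const char *tls_mt_type(int msg)
{
  switch(msg) {
  case SSL3_MT_CLIENT_HELLO:         return "Client hello";
  case SSL3_MT_SERVER_HELLO:         return "Server hello";
  case SSL3_MT_NEWSESSION_TICKET:    return "New session ticket";
  case SSL3_MT_END_OF_EARLY_DATA:    return "End of early data";
  case SSL3_MT_ENCRYPTED_EXTENSIONS: return "Encrypted extensions";
  case SSL3_MT_CERTIFICATE:          return "Certificate";
  case SSL3_MT_CERTIFICATE_VERIFY:   return "Certificate verify";
  case SSL3_MT_FINISHED:             return "Finished";
  case SSL3_MT_KEY_UPDATE:           return "Key update";
  case SSL3_MT_NEXT_PROTO:           return "Next proto";
  case SSL3_MT_MESSAGE_HASH:         return "Message hash";
  default:                           return "Unknown";
  }
}

/* Resolve the record label for one callback invocation. For TLS 1.3 the
   decrypted inner type is delivered as content_type 0x101 with a one-byte
   buf; map that byte, otherwise the pseudo-type prints as "TLS Unknown". */
const char *trace_record_name(int content_type, const unsigned char *buf,
                              size_t len)
{
  if(content_type == SSL3_RT_INNER_CONTENT_TYPE) {
    if(len == 1 && buf)
      return tls_rt_type(buf[0]);
    return "TLS inner content type (unexpected length)";
  }
  return tls_rt_type(content_type);
}

/* Build one verbose-mode line. Only a handshake record carries a message
   type in buf[0]; the inner-content-type callback carries no message body,
   so nothing further is decoded for it. */
int format_trace(char *out, size_t outsz, int write_p, int content_type,
                 const unsigned char *buf, size_t len)
{
  const char *dir = write_p ? "OUT" : "IN";
  const char *rt = trace_record_name(content_type, buf, len);
  if(content_type == SSL3_RT_HANDSHAKE && len >= 1 && buf)
    return snprintf(out, outsz, "TLS (%s), %s, %s (%d):", dir, rt,
                    tls_mt_type(buf[0]), buf[0]);
  return snprintf(out, outsz, "TLS (%s), %s:", dir, rt);
}

int main(void)
{
  /* Constructed callback sequence resembling a TLS 1.3 exchange. */
  static const unsigned char ch[] = {SSL3_MT_CLIENT_HELLO, 0, 0, 0};
  static const unsigned char inner_hs[] = {SSL3_RT_HANDSHAKE};
  static const unsigned char ee[] = {SSL3_MT_ENCRYPTED_EXTENSIONS, 0, 0, 0};
  static const unsigned char app[] = {0x17, 0x03, 0x03};
  struct { int write_p, ct; const unsigned char *buf; size_t len; } ev[] = {
    {1, SSL3_RT_HANDSHAKE, ch, sizeof ch},
    {0, SSL3_RT_INNER_CONTENT_TYPE, inner_hs, sizeof inner_hs},
    {0, SSL3_RT_HANDSHAKE, ee, sizeof ee},
    {0, SSL3_RT_APPLICATION_DATA, app, sizeof app},
  };
  char line[128];
  size_t i;
  for(i = 0; i < sizeof ev / sizeof ev[0]; i++) {
    format_trace(line, sizeof line, ev[i].write_p, ev[i].ct, ev[i].buf, ev[i].len);
    puts(line);
  }
  return 0;
}
```

Passing the 0x101 pseudo-type straight to tls_rt_type reproduces the "TLS Unknown" line from the report; routing it through trace_record_name yields the real record type. The unexpected-length branch exists so a malformed callback is reported as such rather than silently relabelled, which is the behaviour a trace meant for debugging should have.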