Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

schannel: ban server ALPN selection during recv renegotiation #9463

Closed
wants to merge 4 commits into from

Conversation

jay
Copy link
Member

@jay jay commented Sep 9, 2022

By the time schannel_recv is renegotiating the connection, libcurl has already decided on a protocol and it is too late for the server to select a protocol via ALPN.

Ref: #9451

Closes #xxxx


I'm not entirely sure if this is correct, I don't really understand the way ALPN is expected to work on renegotiation. For example, if the connection is immediately renegotiated before any application data is received, then maybe it would work to change protocols based on server ALPN selection?

@jay jay added TLS Windows Windows-specific labels Sep 9, 2022
@jay jay force-pushed the schannel_alpn_on_renegotiate branch 2 times, most recently from 6e58c00 to 3c8f463 Compare Sep 14, 2022
@jay
Copy link
Member Author

jay commented Sep 14, 2022

I've modified this slightly to allow the server to select an ALPN protocol on renegotiation as long as it is the same as what was originally selected, since it's not documented how schannel handles this.

jay added 4 commits Sep 22, 2022
By the time schannel_recv is renegotiating the connection, libcurl has
already decided on a protocol and it is too late for the server to
select a protocol via ALPN.

Ref: curl#9451

Closes #xxxx
Change it so the server can select an ALPN protocol during renegotiation
just not different than what it originally selected.
@jay jay force-pushed the schannel_alpn_on_renegotiate branch from 3c29651 to e251a78 Compare Sep 22, 2022
@jay jay closed this in 5c0d02b Sep 26, 2022
@jay jay deleted the schannel_alpn_on_renegotiate branch Sep 26, 2022
jquepi pushed a commit to jquepi/curl.1.555 that referenced this pull request Oct 24, 2022
By the time schannel_recv is renegotiating the connection, libcurl has
already decided on a protocol and it is too late for the server to
select a protocol via ALPN except for the originally selected protocol.

Ref: curl/curl#9451

Closes curl/curl#9463
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
TLS Windows Windows-specific
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant