SSL crash when pointed at an echo server (fed it's own output back to input)

[ewildgoose]

This is a resend of an email to the erlang-help list, probably better here though:

in order to develop some simple elixir tcp apps I first created a simple echo server that runs on two ports, one protected by SSL and another on plain TCP.

By accident I tried to initiate an SSL connection to the (non ssl) tcp echo server port and found the following crash (please forgive the elixir syntax below). To be clear, this is the erlang SSL application basically being made to talk to itself, the far side just repeats back what it receives.

Obviously one shouldn't do this... However, perhaps someone would like to see if we can't catch the exception and return a nicer error?

(tested against: Erlang 24.1.3)

Example to repro below, but I think if one had an echo server running on localhost port 7 say, you could simply point the ssl application at that to reproduce

---

iex(5)> :ssl.connect('34.221.16.130', 1235, [:binary, :inet, active: :once, nodelay: true, packet:
:raw], 5000)
[warn] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

[error] GenStateMachine #PID<0.844.0> terminating
** (MatchError) no match of right hand side value: {:state, {:static_env, :client, :gen_tcp,
:tls_gen_connection, :tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235,
#Port<0.63>, #Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
{:connection_env, {#Reference<0.1889060192.1381761025.28417>, #PID<0.793.0>}, :undefined, false,
false, {3, 3}, :undefined, :undefined}, %{fallback: false, supported_groups: {:supported_groups,
[:x25519, :x448, :secp256r1, :secp384r1]}, sni_fun: :undefined, versions: [{3, 4}, {3, 3}],
honor_ecc_order: :undefined, partial_chain: #Function<11.91340613/1 in :ssl.handle_options/5>,
reuse_session: :undefined, customize_hostname_check: [], alpn_advertised_protocols: :undefined,
max_fragment_length: :undefined, ciphers: [<<19, 2>>, <<19, 1>>, <<19, 3>>, <<19, 4>>, <<19, 5>>,
<<192, 44>>, <<192, 48>>, <<192, 173>>, <<192, 175>>, <<192, 36>>, <<192, 40>>, "̩", "̨", <<192,
43>>, <<192, 47>>, <<192, 172>>, <<192, 174>>, <<192, 46>>, <<192, 50>>, <<192, 38>>, <<192, 42>>,
<<192, 45>>, <<192, 49>>, <<192, 35>>, <<192, 39>>, <<192, 37>>, <<192, 41>>, <<0, 159>>, <<0,
163>>, <<0, 107>>, <<0, 106>>, <<0, 158>>, <<0, 162>>, "̪", <<...>>, ...], cacerts: :undefined,
ocsp_responder_certs: [], middlebox_comp_mode: true, max_handshake_size: 262144, verify_fun:
{#Function<12.91340613/3 in :ssl.handle_options/5>, []}, signature_algs: [:ecdsa_secp521r1_sha512,
:ecdsa_secp384r1_sha384, :ecdsa_secp256r1_sha256, :rsa_pss_pss_sha512, :rsa_pss_pss_sha384,
:rsa_pss_pss_sha256, :rsa_pss_rsae_sha512, :rsa_pss_rsae_sha384, :rsa_pss_rsae_sha256,
:eddsa_ed25519, :eddsa_ed448, {:sha512, :ecdsa}, {:sha512, :rsa}, {:sha384, :ecdsa}, {:sha384,
:rsa}, {:sha256, :ecdsa}, {:sha256, :rsa}, {:sha224, :ecdsa}, {:sha224, :rsa}, {:sha, :ecdsa},
{:sha, :rsa}, {:sha, :dsa}], next_protocols_advertised: :undefined, verify: :verify_none, dhfile:
:undefined, key_update_at: 388736063997, depth: 10, anti_replay: :undefined, cert: :undefined,
beast_mitigation: :one_n_minus_one, client_renegotiation: :undefined, key: :undefined, sni_hosts:
[], next_protocol_selector: :undefined, padding_check: true, renegotiate_at: 268435456, dh:
:undefined, ocsp_stapling: false, cacertfile: "", fail_if_no_peer_cert: false, eccs:
{:elliptic_curves, [{1, 3, 132, 0, 39}, {1, 3, 132, 0, 38}, {1, 3, 132, 0, 35}, {1, 3, 36, 3, ...},
{1, 3, 132, ...}, {1, 3, ...}, {1, ...}, {...}, ...]}, use_ticket: :undefined, signature_algs_cert:
:undefined, hibernate_after: :infinity, alpn_preferred_protocols: :undefined, reuse_sessions: true,
honor_cipher_order: :undefined, user_lookup_fun: :undefined, session_tickets: :disabled, cookie:
:undefined, crl_cache: {...}, ...}, {:socket_options, :binary, :raw, 0, 0, :once}, {:handshake_env,
:undefined, 0, {[<<1, 0, 1, 26, 3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79,
146, 44, 28, 247, 36, 160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>, [1, <<0,
1, 26>>, <<3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36,
160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]], [[1, <<0, 1, 26>>, <<3, 3,
97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36, 160, 243, 194,
242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]]}, false, {false, :first}, false, false,
false, false, :undefined, :undefined, :undefined, :undefined, false, :undefined, :undefined,
:undefined, {:undefined, :undefined}, {:undefined, :undefined}, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, %{ocsp_expect: :no_staple, ocsp_nonce:
:undefined, ocsp_stapling: false}}, [], false, %{active_n: 100, active_n_toggle: false, sender:
#PID<0.843.0>}, {:session, "", :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, false, -576459648695699000, :undefined, :undefined, :undefined},
{:key_share_client_hello, [{:key_share_entry, :x25519, {<<249, 196, 35, 188, 216, 241, 192, 44, 108,
210, 243, 25, 45, 184, 86, 169, 120, 79, 85, 234, 142, 230, 138, 102, 80, 9, 238, 43, 42, 224, 211,
117>>, <<168, 198, 207, 241, 16, 25, 147, 88, 92, 85, 26, 3, 54, 138, 201, 101, 60, 228, 16, 141,
49, 218, 213, 186, 37, 48, 99, 218, 103, 248, 70, ...>>}}]}, %{current_read: %{beast_mitigation:
:one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state:
:undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384,
max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data:
:undefined, trial_decryption: false}, current_write: %{beast_mitigation: :one_n_minus_one,
cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined,
early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length:
:undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>,
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption:
false}, pending_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined,
client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret:
:undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation:
:undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, <<97, 137, 132, 18, 245, 9, 17, ...>>, :undefined,
:undefined}, server_verify_data: :undefined, trial_decryption: false}, pending_write:
%{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined,
compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size:
16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, <<97, 137, 132, 18, 245, 9, ...>>, :undefined, :undefined}, server_verify_data:
:undefined, trial_decryption: false}}, {:protocol_buffers, {:undefined, {[], 0, []}}, "", []}, {[],
0, []}, :undefined, {#PID<0.793.0>, #Reference<0.1889060192.1381761025.28419>}, :undefined}
    (ssl 10.5.2) tls_handshake_1_3.erl:652: :tls_handshake_1_3.do_start/2
    (ssl 10.5.2) tls_connection_1_3.erl:270: :tls_connection_1_3.start/3
    (stdlib 3.16.1) gen_statem.erl:1194: :gen_statem.loop_state_callback/11
    (ssl 10.5.2) tls_connection.erl:154: :tls_connection.init/1
    (stdlib 3.16.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
State: [data: [{'State', {:start, {:state, {:static_env, :client, :gen_tcp, :tls_gen_connection,
:tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235, #Port<0.63>,
#Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
'***', %{fallback: false, supported_groups: {:supported_groups, [:x25519, :x448, :s (truncated)
** (exit) exited in: :gen_statem.call(#PID<0.844.0>, {:start, 5000}, :infinity)
    ** (EXIT) an exception was raised:
        ** (MatchError) no match of right hand side value: {:state, {:static_env, :client, :gen_tcp,
:tls_gen_connection, :tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235,
#Port<0.63>, #Reference<0.1889060192.1381892099.20362>, #Reference<0.1889060192.1381892099.20361>,
:ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.1889060192.1381892099.20365>,
#Reference<0.1889060192.1381892099.20366>}, []}}, {#Reference<0.1889060192.1381892099.20363>,
#Reference<0.1889060192.1381892099.20364>}, #Reference<0.1889060192.1381761025.28420>, :undefined},
{:connection_env, {#Reference<0.1889060192.1381761025.28417>, #PID<0.793.0>}, :undefined, false,
false, {3, 3}, :undefined, :undefined}, %{fallback: false, supported_groups: {:supported_groups,
[:x25519, :x448, :secp256r1, :secp384r1]}, sni_fun: :undefined, versions: [{3, 4}, {3, 3}],
honor_ecc_order: :undefined, partial_chain: #Function<11.91340613/1 in :ssl.handle_options/5>,
reuse_session: :undefined, customize_hostname_check: [], alpn_advertised_protocols: :undefined,
max_fragment_length: :undefined, ciphers: [<<19, 2>>, <<19, 1>>, <<19, 3>>, <<19, 4>>, <<19, 5>>,
<<192, 44>>, <<192, 48>>, <<192, 173>>, <<192, 175>>, <<192, 36>>, <<192, 40>>, "̩", "̨", <<192,
43>>, <<192, 47>>, <<192, 172>>, <<192, 174>>, <<192, 46>>, <<192, 50>>, <<192, 38>>, <<192, 42>>,
<<192, 45>>, <<192, 49>>, <<192, 35>>, <<192, 39>>, <<192, 37>>, <<192, 41>>, <<0, 159>>, <<0,
163>>, <<0, 107>>, <<0, 106>>, <<0, 158>>, <<0, 162>>, "̪", <<...>>, ...], cacerts: :undefined,
ocsp_responder_certs: [], middlebox_comp_mode: true, max_handshake_size: 262144, verify_fun:
{#Function<12.91340613/3 in :ssl.handle_options/5>, []}, signature_algs: [:ecdsa_secp521r1_sha512,
:ecdsa_secp384r1_sha384, :ecdsa_secp256r1_sha256, :rsa_pss_pss_sha512, :rsa_pss_pss_sha384,
:rsa_pss_pss_sha256, :rsa_pss_rsae_sha512, :rsa_pss_rsae_sha384, :rsa_pss_rsae_sha256,
:eddsa_ed25519, :eddsa_ed448, {:sha512, :ecdsa}, {:sha512, :rsa}, {:sha384, :ecdsa}, {:sha384,
:rsa}, {:sha256, :ecdsa}, {:sha256, :rsa}, {:sha224, :ecdsa}, {:sha224, :rsa}, {:sha, :ecdsa},
{:sha, :rsa}, {:sha, :dsa}], next_protocols_advertised: :undefined, verify: :verify_none, dhfile:
:undefined, key_update_at: 388736063997, depth: 10, anti_replay: :undefined, cert: :undefined,
beast_mitigation: :one_n_minus_one, client_renegotiation: :undefined, key: :undefined, sni_hosts:
[], next_protocol_selector: :undefined, padding_check: true, renegotiate_at: 268435456, dh:
:undefined, ocsp_stapling: false, cacertfile: "", fail_if_no_peer_cert: false, eccs:
{:elliptic_curves, [{1, 3, 132, 0, 39}, {1, 3, 132, 0, 38}, {1, 3, 132, 0, 35}, {1, 3, 36, 3, ...},
{1, 3, 132, ...}, {1, 3, ...}, {1, ...}, {...}, ...]}, use_ticket: :undefined, signature_algs_cert:
:undefined, hibernate_after: :infinity, alpn_preferred_protocols: :undefined, reuse_sessions: true,
honor_cipher_order: :undefined, user_lookup_fun: :undefined, session_tickets: :disabled, cookie:
:undefined, crl_cache: {...}, ...}, {:socket_options, :binary, :raw, 0, 0, :once}, {:handshake_env,
:undefined, 0, {[<<1, 0, 1, 26, 3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79,
146, 44, 28, 247, 36, 160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>, [1, <<0,
1, 26>>, <<3, 3, 97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36,
160, 243, 194, 242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]], [[1, <<0, 1, 26>>, <<3, 3,
97, 137, 132, 18, 245, 9, 17, 102, 122, 36, 233, 32, 41, 79, 146, 44, 28, 247, 36, 160, 243, 194,
242, 199, 62, 127, 184, 140, 57, 242, 118, 35, ...>>]]}, false, {false, :first}, false, false,
false, false, :undefined, :undefined, :undefined, :undefined, false, :undefined, :undefined,
:undefined, {:undefined, :undefined}, {:undefined, :undefined}, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, %{ocsp_expect: :no_staple, ocsp_nonce:
:undefined, ocsp_stapling: false}}, [], false, %{active_n: 100, active_n_toggle: false, sender:
#PID<0.843.0>}, {:session, "", :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, false, -576459648695699000, :undefined, :undefined, :undefined},
{:key_share_client_hello, [{:key_share_entry, :x25519, {<<249, 196, 35, 188, 216, 241, 192, 44, 108,
210, 243, 25, 45, 184, 86, 169, 120, 79, 85, 234, 142, 230, 138, 102, 80, 9, 238, 43, 42, 224, 211,
117>>, <<168, 198, 207, 241, 16, 25, 147, 88, 92, 85, 26, 3, 54, 138, 201, 101, 60, 228, 16, 141,
49, 218, 213, 186, 37, 48, 99, 218, 103, 248, 70, ...>>}}]}, %{current_read: %{beast_mitigation:
:one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state:
:undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384,
max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data:
:undefined, trial_decryption: false}, current_write: %{beast_mitigation: :one_n_minus_one,
cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined,
early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length:
:undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>,
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption:
false}, pending_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined,
client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret:
:undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation:
:undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, <<97, 137, 132, 18, 245, 9, 17, ...>>, :undefined,
:undefined}, server_verify_data: :undefined, trial_decryption: false}, pending_write:
%{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined,
compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size:
16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters:
{:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
:undefined, <<97, 137, 132, 18, 245, 9, ...>>, :undefined, :undefined}, server_verify_data:
:undefined, trial_decryption: false}}, {:protocol_buffers, {:undefined, {[], 0, []}}, "", []}, {[],
0, []}, :undefined, {#PID<0.793.0>, #Reference<0.1889060192.1381761025.28419>}, :undefined}
            (ssl 10.5.2) tls_handshake_1_3.erl:652: :tls_handshake_1_3.do_start/2
            (ssl 10.5.2) tls_connection_1_3.erl:270: :tls_connection_1_3.start/3
            (stdlib 3.16.1) gen_statem.erl:1194: :gen_statem.loop_state_callback/11
            (ssl 10.5.2) tls_connection.erl:154: :tls_connection.init/1
            (stdlib 3.16.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
    (stdlib 3.16.1) gen.erl:220: :gen.do_call/4
    (stdlib 3.16.1) gen_statem.erl:684: :gen_statem.call_dirty/4
    (ssl 10.5.2) ssl_gen_statem.erl:1185: :ssl_gen_statem.call/2
    (ssl 10.5.2) ssl_gen_statem.erl:224: :ssl_gen_statem.handshake/2
    (ssl 10.5.2) tls_gen_connection.erl:89: :tls_gen_connection.start_fsm/8
    (ssl 10.5.2) ssl_gen_statem.erl:193: :ssl_gen_statem.connect/8
    (ssl 10.5.2) ssl.erl:608: :ssl.connect/4

[IngelaAndin]

Could you please provide a more concrete example of how to reproduce? The crash above is from an erlang server. The line pointed out to fail will not be executed by a client.

[ewildgoose]

Hi, I'm pretty much literally running the single command that I gave in the original comment above:

Caveat that I'm reproducing this through the elixir repl, this is the complete repro:

✗ iex                                                                                                                git:(ed_dev|✚4…8⚑2 
Erlang/OTP 24 [erts-12.1.3] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [jit] [dtrace]

Interactive Elixir (1.12.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> :ssl.start
:ok
iex(2)> :ssl.connect('34.221.16.130', 1235, [:binary, :inet, active: :once, nodelay: true, packet:
...(2)> :raw], 5000)

13:42:15.411 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

** (exit) exited in: :gen_statem.call(#PID<0.144.0>, {:start, 5000}, :infinity)
    ** (EXIT) an exception was raised:
        ** (MatchError) no match of right hand side value: {:state, {:static_env, :client, :gen_tcp, :tls_gen_connection, :tcp, :tcp_closed, :tcp_error, :tcp_passive, '34.221.16.130', 1235, #Port<0.6>, #Reference<0.3591925500.1858732040.2074>, #Reference<0.3591925500.1858732040.2073>, :ssl_client_session_cache_db, {:ssl_crl_cache, {{#Reference<0.3591925500.1858732040.2077>, #Reference<0.3591925500.1858732040.2078>}, []}}, {#Reference<0.3591925500.1858732040.2075>, #Reference<0.3591925500.1858732040.2076>}, #Reference<0.3591925500.1858600968.2199>, :undefined}, {:connection_env, {#Reference<0.3591925500.1858600968.2195>, #PID<0.109.0>}, :undefined, false, false, {3, 3}, :undefined, :undefined}, %{customize_hostname_check: [], srp_identity: :undefined, client_renegotiation: :undefined, max_fragment_length: :undefined, signature_algs_cert: :undefined, erl_dist: false, reuse_session: :undefined, beast_mitigation: :one_n_minus_one, signature_algs: [:ecdsa_secp521r1_sha512, :ecdsa_secp384r1_sha384, :ecdsa_secp256r1_sha256, :rsa_pss_pss_sha512, :rsa_pss_pss_sha384, :rsa_pss_pss_sha256, :rsa_pss_rsae_sha512, :rsa_pss_rsae_sha384, :rsa_pss_rsae_sha256, :eddsa_ed25519, :eddsa_ed448, {:sha512, :ecdsa}, {:sha512, :rsa}, {:sha384, :ecdsa}, {:sha384, :rsa}, {:sha256, :ecdsa}, {:sha256, :rsa}, {:sha224, :ecdsa}, {:sha224, :rsa}, {:sha, :ecdsa}, {:sha, :rsa}, {:sha, :dsa}], eccs: {:elliptic_curves, [{1, 3, 132, 0, 39}, {1, 3, 132, 0, 38}, {1, 3, 132, 0, 35}, {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}, {1, 3, 132, 0, 36}, {1, 3, 132, 0, 37}, {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}, {1, 3, 132, 0, 34}, {1, 3, 132, 0, 16}, {1, 3, 132, 0, 17}, {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}, {1, 3, 132, 0, 10}, {1, 2, 840, 10045, 3, 1, 7}, {1, 3, 132, 0, 3}, {1, 3, 132, 0, 26}, {1, 3, 132, 0, 27}, {1, 3, 132, 0, 32}, {1, 3, 132, 0, 33}, {1, 3, 132, 0, 24}, {1, 3, 132, 0, 25}, {1, 3, 132, 0, 31}, {1, 2, 840, 10045, 3, 1, 1}, {1, 3, 132, 0, 1}, {1, 3, 132, 0, 2}, {1, 3, 132, 0, 15}, {1, 3, 132, 0, 9}, {1, 3, 132, 0, 8}, {1, 3, 132, 0, 30}]}, supported_groups: {:supported_groups, [:x25519, :x448, :secp256r1, :secp384r1]}, depth: 10, cacerts: :undefined, key_update_at: 388736063997, cacertfile: "", partial_chain: #Function<11.91340613/1 in :ssl.handle_options/5>, next_protocol_selector: :undefined, verify_fun: {#Function<12.91340613/3 in :ssl.handle_options/5>, []}, dhfile: :undefined, sni_fun: :undefined, keyfile: "", session_tickets: :disabled, padding_check: true, user_lookup_fun: :undefined, password: [], anti_replay: :undefined, dh: :undefined, reuse_sessions: true, next_protocols_advertised: :undefined, middlebox_comp_mode: true, verify: :verify_none, secure_renegotiate: true, key: :undefined, certfile: "", log_level: :notice, ocsp_nonce: true, max_handshake_size: 262144, cert: :undefined, sni_hosts: [], handshake: :full, server_name_indication: '34.221.16.130', crl_check: false, early_data: :undefined, keep_secrets: false, alpn_advertised_protocols: :undefined, psk_identity: :undefined, ...}, {:socket_options, :binary, :raw, 0, 0, :once}, {:handshake_env, :undefined, 0, {[<<1, 0, 1, 26, 3, 3, 97, 145, 18, 55, 85, 201, 178, 224, 133, 76, 178, 197, 46, 48, 118, 19, 245, 161, 235, 183, 40, 75, 125, 134, 172, 97, 30, 228, 249, 162, 175, 235, ...>>, [1, <<0, 1, 26>>, <<3, 3, 97, 145, 18, 55, 85, 201, 178, 224, 133, 76, 178, 197, 46, 48, 118, 19, 245, 161, 235, 183, 40, 75, 125, 134, 172, 97, 30, 228, 249, 162, 175, 235, ...>>]], [[1, <<0, 1, 26>>, <<3, 3, 97, 145, 18, 55, 85, 201, 178, 224, 133, 76, 178, 197, 46, 48, 118, 19, 245, 161, 235, 183, 40, 75, 125, 134, 172, 97, 30, 228, 249, 162, 175, 235, ...>>]]}, false, {false, :first}, false, false, false, false, :undefined, :undefined, :undefined, :undefined, false, :undefined, :undefined, :undefined, {:undefined, :undefined}, {:undefined, :undefined}, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, %{ocsp_expect: :no_staple, ocsp_nonce: :undefined, ocsp_stapling: false}}, [], false, %{active_n: 100, active_n_toggle: false, sender: #PID<0.143.0>}, {:session, "", :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, false, -576460744921984000, :undefined, :undefined, :undefined}, {:key_share_client_hello, [{:key_share_entry, :x25519, {<<41, 113, 202, 209, 17, 136, 115, 82, 83, 21, 149, 152, 122, 158, 155, 89, 64, 174, 207, 227, 253, 224, 46, 32, 139, 130, 237, 193, 72, 13, 164, 31>>, <<240, 220, 101, 142, 96, 229, 163, 42, 79, 57, 3, 250, 7, 93, 14, 94, 60, 175, 59, 80, 183, 19, 123, 178, 6, 119, 214, 172, 118, 96, 156, ...>>}}]}, %{current_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption: false}, current_write: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, <<0, 0>>, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined}, sequence_number: 1, server_verify_data: :undefined, trial_decryption: false}, pending_read: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, <<97, 145, 18, 55, 85, 201, 178, ...>>, :undefined, :undefined}, server_verify_data: :undefined, trial_decryption: false}, pending_write: %{beast_mitigation: :one_n_minus_one, cipher_state: :undefined, client_verify_data: :undefined, compression_state: :undefined, early_data_limit: false, mac_secret: :undefined, max_early_data_size: 16384, max_fragment_length: :undefined, secure_renegotiation: :undefined, security_parameters: {:security_parameters, :undefined, 1, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, :undefined, <<97, 145, 18, 55, 85, 201, ...>>, :undefined, :undefined}, server_verify_data: :undefined, trial_decryption: false}}, {:protocol_buffers, {:undefined, {[], 0, []}}, "", []}, {[], 0, []}, :undefined, {#PID<0.109.0>, #Reference<0.3591925500.1858600968.2191>}, :undefined}
            (ssl 10.5.2) tls_handshake_1_3.erl:652: :tls_handshake_1_3.do_start/2
            (ssl 10.5.2) tls_connection_1_3.erl:270: :tls_connection_1_3.start/3
            (stdlib 3.16.1) gen_statem.erl:1194: :gen_statem.loop_state_callback/11
            (ssl 10.5.2) tls_connection.erl:154: :tls_connection.init/1
            (stdlib 3.16.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
    (stdlib 3.16.1) gen.erl:220: :gen.do_call/4
    (stdlib 3.16.1) gen_statem.erl:684: :gen_statem.call_dirty/4
    (ssl 10.5.2) ssl_gen_statem.erl:1185: :ssl_gen_statem.call/2
    (ssl 10.5.2) ssl_gen_statem.erl:224: :ssl_gen_statem.handshake/2
    (ssl 10.5.2) tls_gen_connection.erl:89: :tls_gen_connection.start_fsm/8
    (ssl 10.5.2) ssl_gen_statem.erl:193: :ssl_gen_statem.connect/8
    (ssl 10.5.2) ssl.erl:608: :ssl.connect/4

To be clear, the remote server is a simple TCP echo server. It simply echos back whatever it gets. So I'm presuming this is getting the erlang SSL application super confused!

(I suspect there is a bigger opportunity here, ie to add a fuzzer to the remote echo server. We may turn up all kinds of other interesting corner cases?)

[IngelaAndin]

Humm ... well I think that I understand how this happened and I suspect that it would not happen if using TLS-1.2 (they run different state machine code). We will look into improving the gracefulness for TLS-1.3.

[dgud]

Fixed merged