Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: using TLS 1.3 renders incorrect behavior for IMAP #36234

Open
dobegor opened this issue Dec 20, 2019 · 3 comments
Open

crypto/tls: using TLS 1.3 renders incorrect behavior for IMAP #36234

dobegor opened this issue Dec 20, 2019 · 3 comments
Milestone

Comments

@dobegor
Copy link

@dobegor dobegor commented Dec 20, 2019

What version of Go are you using (go version)?

$ go version
go version go1.13.5 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/dobegor/Library/Caches/go-build"
GOENV="/Users/dobegor/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/dobegor/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/9h/8ghw84gx02l6__ryvxp4yzwh0000gn/T/go-build681607661=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Playground
go run main.go

What did you expect to see?

* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello

What did you see instead?

The aforementioned string repeated twice.
This problem does not occur using openssl client:

$ openssl s_client -tls1_3 -connect imap.mail.yahoo.com:993 CONNECTED(00000006) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA verify return:1 depth=0 C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIGcTCCBVmgAwIBAgIQArWhretx7e5aWJOBGGgO2jANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0xOTA5MDQwMDAwMDBaFw0yMDAzMDIxMjAwMDBa MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT dW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMR4wHAYDVQQDDBUqLmltYXAubWFp bC55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkNNlL eOX+OjwT0IoW3yxJnfMeG59Ca4WhgpYoHcdWRvVBbgY8AtbEutpAZnbCv+0VZoHU aYarZMOMQxkj85ctSJwd0o2jWImSzD60rXEP3gBWSNwqrspEKXECfO2Hor/V1B4x tvxGTaUqM5Sx+MbxK3wRbxQ94DlGzO7601/P63HxNj3ZLJcwyzjXxHzcUddbXrBv /4cBbLiFSt2b9g+651bbXT/1N7vy0ioY4P6IqlxbENVi01CAGMKXXjDXOKwd5rby 44e3IDpc7Zyeuyjuzw3/+KRTc1qJel+8meXpvQ4+6r4R5aEytIC2NZIH21x6BrnL GcpmbrUmvgw0pg2FAgMBAAGjggMMMIIDCDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM 2WVkYqISuFlyOzAdBgNVHQ4EFgQU43meravjcr0dEvw0di2raJ8FAE0wNQYDVR0R BC4wLIIVKi5pbWFwLm1haWwueWFob28uY29tghNpbWFwLm1haWwueWFob28uY29t MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw dQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTIt aGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29t L3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAq MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeB DAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k aWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0 LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1Ud EwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC72d+8H4pxtZOUI5eq kntHOFeVCqtS6BqQlmQ2jh7RhQAAAWz9MEmXAAAEAwBIMEYCIQC5rnbFRD4/bLRc DNpJuW/R7d+tdoADAj67eTc+vL764gIhAJwPetvPwUN9TjqCBQsFO1Z5RCTSOdhu 3KdMNzO89R64AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFs /TBKLQAABAMARzBFAiEAzZC0ZftrLgXK6f36htcLNPmQy0tVY4NCXZgTu6wcGtQC ICn1Z4jKxtKHyQCZ/hsTRPL2BWh2bqD6I9ltEGDdzGO1MA0GCSqGSIb3DQEBCwUA A4IBAQAZAkmD3dCsQruIokYaomS2IG2Md3WgJDyLoWyiwptv5Ix7XQ9FxdIRvu2+ H7zf5tKla1QZsLRGUhadleP0KCNsqG3xLR6lLsfIRYD1FKAUGF1DpSbha8IqM2A8 r3nj0Tb2cTzIF93lTawGOWMDPEXumQEwe/XsiCBLCFhOfND6qLvDPwSKDV7KGisg DRqg6HlLdBrzFHBx9VUh9GSB+Kfm5FJlUyR3aOdgGzQgsQwnG273DBVNPXmZP2L1 GgtSke1E+Iv9UJSTf+6RVZ0KbjpMPINI/fTAuFyspRZXh7Jo8cYhWOfYd8bhfXji VszJKFBPCtVYA2RlMPS/5jJl9Qma -----END CERTIFICATE----- subject=C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA --- No client certificate CA names sent Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3470 bytes and written 353 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4CA4B10E59B920287331D731700F956440546EBCED6ECDEE75104A76D90AA540 Session-ID-ctx: Resumption PSK: B67BC1696B76C34FB167391D81BB816BF2E3FE90694BDED547AE1C322547F973452508277947C2E646DA1C50BB423A18 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 60 (seconds) TLS session ticket: 0000 - c7 32 a7 3e d6 be d2 74-a9 03 b2 1e be 32 f6 c2 .2.>...t.....2.. 0010 - 30 28 5d c5 3a 76 9b 0e-26 58 ff 1a e7 83 cf bf 0(].:v..&X...... Start Time: 1576857012 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 5D7B86E4B5A1C0B76404A12696A049DB8CA528338BA2AD7A70236642DF017D11 Session-ID-ctx: Resumption PSK: F72E8CCD6C76E66C04BBA37E502CF589410FD43D5FAD9E435C28C8E5B3C2E7A1115B6E0B2034A6B1729686D49C63C582 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 60 (seconds) TLS session ticket: 0000 - f0 3c f6 a3 6b 9b 29 7b-e7 14 80 29 3e db 72 71 .<..k.){...)>.rq 0010 - 64 4e 5d fd 4b 9f be 4e-52 8e 8c 94 16 d8 c9 1a dN].K..NR....... Start Time: 1576857012 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK * OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello

If I disable TLS 1.3, the problem does not occur:

$ env GODEBUG=tls13=0 go run main.go
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
^Csignal: interrupt
$ go run main.go
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
^Csignal: interrupt
@dmitshur dmitshur added this to the Backlog milestone Dec 20, 2019
@dmitshur

This comment has been minimized.

Copy link
Member

@dmitshur dmitshur commented Dec 20, 2019

@shahan312

This comment has been minimized.

Copy link

@shahan312 shahan312 commented Jan 13, 2020

+1 We are able to reproduce. Appears to be specific to Verizon Mail servers though, such as Yahoo.

@shahan312

This comment has been minimized.

Copy link

@shahan312 shahan312 commented Jan 13, 2020

Can confirm that it is specific to Yahoo IMAP server and other Verizon Mail servers. Cannot reproduce on other providers, such as Gmail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.