crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension [1.19 backport] #54643

gopherbot · 2022-08-24T10:19:12Z

@FiloSottile requested issue #49126 to be considered for backport to the next 1.19 minor release.

Interestingly, this is only hit when using the Windows TLS1_3_CLIENT (or a different client that omits the extension) to reach a TLS 1.2-only Go server, because the extension is ignored entirely when negotiating TLS 1.3. This probably explains why it was only noticed for test sites (#49126 (comment)) which might disable TLS 1.3 to test for vulnerabilities, and why it didn't cause widespread breakage.

Still, considering the duplicates that were filed, the fact that we're the odd one out in getting this wrong, the fact that we're off-spec, the fact that this is not something applications can workaround (unless they can upgrade to TLS 1.3), how this kind of issue tends to add complexity to the ecosystem in the form of workarounds, and the simplicity of the fix, I think we should backport it.

PR #49127 / CL 358116 is an incomplete fix because we should not send the extension back when the client didn't send it. I'll send a new fix in a second.

@gopherbot please open backport issues for both supported releases.

gopherbot · 2022-08-25T20:04:39Z

Change https://go.dev/cl/425635 mentions this issue: [release-branch.go1.19] crypto/tls: support ECDHE when ec_point_formats is missing

gopherbot · 2022-08-29T19:18:24Z

Closed by merging 15b234b to release-branch.go1.19.

…ts is missing Updates #49126 Fixes #54643 Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/425295 Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Alex Scheel <alex.scheel@hashicorp.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com> (cherry picked from commit 1df2a03) Reviewed-on: https://go-review.googlesource.com/c/go/+/425635

…ts is missing Updates golang#49126 Fixes golang#54643 Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/425295 Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Alex Scheel <alex.scheel@hashicorp.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com> (cherry picked from commit 1df2a03) Reviewed-on: https://go-review.googlesource.com/c/go/+/425635

gopherbot added the CherryPickCandidate Used during the release process for point releases label Aug 24, 2022

gopherbot mentioned this issue Aug 24, 2022

crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension #49126

Closed

gopherbot added this to the Go1.19.1 milestone Aug 24, 2022

dr2chase added the CherryPickApproved Used during the release process for point releases label Aug 25, 2022

gopherbot removed the CherryPickCandidate Used during the release process for point releases label Aug 25, 2022

gopherbot closed this as completed Aug 29, 2022

crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension [1.19 backport] #54643

crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension [1.19 backport] #54643

gopherbot commented Aug 24, 2022

gopherbot commented Aug 25, 2022

gopherbot commented Aug 29, 2022

crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension [1.19 backport] #54643

crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension [1.19 backport] #54643

Comments

gopherbot commented Aug 24, 2022

gopherbot commented Aug 25, 2022

gopherbot commented Aug 29, 2022