crypto/tls: handshake failure with www.ksecurity.or.kr #64370
Comments
cc @neild FYI This site supports TLS 1.0/1.1/1.2 https://www.ssllabs.com/ssltest/analyze.html?d=www.ksecurity.or.kr |
cc @golang/security |
Hello, it works if you set the max tls version to 1.2 like this
I'll try to better investigate in the next few days |
This comment was marked as off-topic.
@raghvenders I don't know much about that. |
@Rohsichan - Looks like it is - RSA-PSS attached screenshot from chrome - It is similar to example.com except ksecurity is AES_128 in the cipher. Can you try example.com, it works. Both are tls1.3 conformant - https://datatracker.ietf.org/doc/html/rfc8446#page-41 - TLS_AES_128_GCM_SHA256 |
I've been to a lot of www.example.om sites. The tls connection is good. |
@Rohsichan @cc @golang/security - Figured Out the issue. Working on the Fix. |
It is not working for www.ksecurity.or.kr because of this - https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.9
However, I have not encountered this for other sites - example.com or some other sites. (Needs to be investigated.) Currently it is skipped based on PSK Key Exchange Modes and other ClientSessionCache or SessionTicketsDisabled. After I set PSK Exchange Mode, it works - 200 OK. @rolandshoemaker @golang/security - Can somebody give some more insight on this? |
The same issue can also be observed with https://www.aeroportodinapoli.it: it works with curl but not with the golang client. If golang is set to MaxVersion TLS 1.2 it works, but not with TLS 1.3. @raghvenders can you please share more details on the changes you made to make it work with golang? Update: figured it out based on this:
|
@varianone - How did you arrive As I mentioned above, I try to set pskModes as per https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.9 as the server aborts the handshake. (Not just for resumption.)
If you try curl or another client, psk modes are sent in the request. I was expecting a clarification from @FiloSottile @rolandshoemaker |
@raghvenders I searched for PSK and arrived at this code inside the
Once I saw that the method exits on this condition:
I decided to see what would happen if I define a ClientSessionCache, as SessionTicketsDisabled was already set to false by default. As expected, the psk_key_exchange_modes were now present in the handshake. The capacity of 2 is just arbitrary for the test. Hope this clarifies it. |
Thank you for reporting and investigating this. It seems to me though that this is a server issue. We do not send psk_key_exchange_modes when we don't support receiving session tickets, nor should we. psk_key_exchange_modes is optional. The spec says
and indeed we always send psk_key_exchange_modes for resume attempts, when pre_shared_key is sent. We also send psk_key_exchange_modes on non-resumptions when we are willing to accept tickets, as suggested by the spec:
I emailed the operators of www.aeroportodinapoli.it, hopefully we'll find out what TLS stack they are using. |
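An added example, not part of the thread or of the Go project's own code, that checks the behaviour discussed in the comments above: it captures the ClientHello that crypto/tls writes to an in-memory pipe and reports whether psk_key_exchange_modes (extension type 45) is present without and with a ClientSessionCache. The server name example.test and the helper names hasExt and sendsPSKModes are assumptions made for illustration; the cache capacity of 2 follows the arbitrary value mentioned above.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// hasExt reports whether a ClientHello handshake message carries extension typ.
func hasExt(hs []byte, typ uint16) bool {
	i := 38 // skip msg header(4), legacy_version(2), random(32)
	for _, w := range []uint{1, 2, 1} { // session_id, cipher_suites, compression
		if i+2 > len(hs) || hs[0] != 1 { // truncated, or not a client_hello (type 1)
			return false
		}
		i += int(w) + int(binary.BigEndian.Uint16(hs[i:])>>(8*(2-w))) // w-byte length prefix
	}
	for i += 2; i+4 <= len(hs); i += 4 + int(binary.BigEndian.Uint16(hs[i+2:])) {
		if binary.BigEndian.Uint16(hs[i:]) == typ { // entry: type(2) length(2) data
			return true
		}
	}
	return false
}

// sendsPSKModes captures the ClientHello crypto/tls writes to an in-memory pipe
// (nothing is dialed) and looks for psk_key_exchange_modes, extension type 45.
func sendsPSKModes(useCache bool) (bool, error) {
	cfg := &tls.Config{ServerName: "example.test"} // constructed name, never dialed
	if useCache {
		cfg.ClientSessionCache = tls.NewLRUClientSessionCache(2) // arbitrary size
	}
	cli, srv := net.Pipe()
	defer srv.Close() // ends the client's handshake attempt
	go func() { _ = tls.Client(cli, cfg).Handshake(); cli.Close() }()
	hdr := make([]byte, 5) // record header: type(1) version(2) length(2)
	if _, err := io.ReadFull(srv, hdr); err != nil {
		return false, err
	}
	hs := make([]byte, binary.BigEndian.Uint16(hdr[3:]))
	_, err := io.ReadFull(srv, hs)
	return hasExt(hs, 45), err
}

func main() {
	fmt.Println(sendsPSKModes(false)) // false <nil>
	fmt.Println(sendsPSKModes(true))  // true <nil>
}
```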
Thanks @FiloSottile @varianone. Adding some more information (may help a bit): after the first ClientHello, it ends up in https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.4 - Hello Retry Request. While resending ClientHello, the server aborts (handshake failure) though the recommended key_share is going, I believe. In this case secp256r1. That is where sending PSK with (EC)DHE key establishment avoids handshake failure. |
@FiloSottile Is there any update on this issue? |
Go version
go version go1.20.11 linux/amd64
Reproducibility
What operating system and processor architecture are you using (go env)?
What did you do?
https://go.dev/play/p/tpcoHIgSxNp
I created a program to access https://www.ksecurity.or.kr
What did you expect to see?
I looked forward to receiving your response normally.
What did you see instead?
I checked that tls 1.3 communication is made with the browser and curl commands.
If Golang supports only tls 1.2, I checked the normal connection.