Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage of static ProtocolVersion in handshakes #49

Closed
manuels opened this issue Feb 13, 2017 · 4 comments
Closed

Usage of static ProtocolVersion in handshakes #49

manuels opened this issue Feb 13, 2017 · 4 comments

Comments

@manuels
Copy link

manuels commented Feb 13, 2017

I noted that the protocol version 1.2 is hard coded in a lot of code for the handshaking (e.g. https://github.com/ctz/rustls/blob/master/src/client_hs.rs#L931).
This looks a bit odd (I'd expect this version to be sess.common.negotiated_version as soon as SeverHello) is transmitted - so I just want to check with you guys if this is ok or it's a bug.
@manuels
Copy link
Author

manuels commented Feb 13, 2017
edited

Also see RFC v1.2: https://tools.ietf.org/html/rfc5246#section-6.2.1 under version.
On the other hand RFC v1.3 says it should be ProtocolVersion::TLS_v10 and should be ignored: https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5

Confused.

@ctz
Copy link
Member

ctz commented Feb 19, 2017

For TLS1.3 the key thing to note is that TLS13MessageEncrypter sets the right version here: https://github.com/ctz/rustls/blob/master/src/cipher.rs#L306 and ignores the version in the message.

TLS13MessageDecrypter likewise sets all versions to TLS1.3, which allows the messages to be decoded properly (because the encoding of some variant types changed between TLS1.2 and TLS1.3 and the version is the only way work out the difference -- ugly!)

This is going to be much more of an issue for TLS1.1 support -- so I'm leaving it open.

@manuels
Copy link
Author

manuels commented Feb 19, 2017

I see, thanks for clarification. But shouldn't this be v1.0 in case of TLS v1.3?

https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5.2 says:

The legacy_record_version field is identical
to TLSPlaintext.legacy_record_version and is always 0x0301. Note
that the handshake protocol including the ClientHello and
ServerHello messages authenticates the protocol version, so this
value is redundant.

@ctz
Copy link
Member

ctz commented May 6, 2017

shouldn't this be v1.0 in case of TLS v1.3

On the wire its 1.0, but internally its 1.3. The translation happens in the message encryption/decryption functions.

@ctz ctz closed this as completed May 6, 2017
ctz pushed a commit that referenced this issue Feb 9, 2024
@shahn @briansmith
Add support for Ed25519 certificates
d139e98 
This adds support for verification of ed25519 certificates according to
RFC 8410. Implements #49.

The test certificate was generated using OpenSSL 1.1.1a, using the
following commands (CA.pl is distributed with OpenSSL):

openssl genpkey -algorithm ed25519 -outform pem -out root_key.pem
openssl req -new -x509 -days 9999 -extensions v3_ca -key root_key.pem \
-inform pem -outform pem -out root_ed25519.pem
echo root_ed25519.pem | CA.pl -newca

openssl genpkey -algorithm ed25519 -outform pem -out client_key.pem
openssl req -new -key client_key.pem -inform pem -outform pem \
-out client_ed25519_csr.pem
openssl ca -keyfile ./root_key.pem -days 999 -notext -in \
client_ed25519_csr.pem -out client_ed25519.pem

I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manuels @ctz