Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Downgrade protection #308

Merged
merged 16 commits into from
Nov 19, 2018
Merged

Downgrade protection #308

merged 16 commits into from
Nov 19, 2018

Conversation

kazu-yamamoto
Copy link
Collaborator

This implements downgrade protection defined in TLS 1.3.

ocheron
ocheron reviewed Nov 17, 2018
View reviewed changes
Copy link
Contributor

@ocheron ocheron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the new module comparing chosen vs supported very much.

As for testing, the debug Maybe is good enough. It would be even more impressive to see an actual MITM implemented with something like hookRecvHandshake(13), changing not only the server version but also trying to manipulate the server random.

core/Network/TLS/Parameters.hs Outdated Show resolved Hide resolved
core/Tests/Tests.hs
let debug' = (serverDebug sparam) { debugVersion = Just TLS12 }
sparam' = sparam { serverDebug = debug' }
runTLSInitFailure (cparam,sparam')

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is tested 100 times with QuickCheck, can we add other downgrade scenarios as well as version combinations with no downgrade?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added the test case downgrading from TSL 1.3 to TLS 1.1.

If we can use arbitraryPairParams instead of arbitraryPairParams13 and guess the negotiated version, we can cover downgrade senario (TLS 1.2 -> TLS 1.1). In this case, mixing no downgrade make sense to me.

Unfortunately, I have no idea on how to tell the negotiated version. So, this test covers downgrade senarios only.

core/Network/TLS/Handshake/Random.hs Show resolved Hide resolved
core/Network/TLS/Handshake/Client.hs Outdated Show resolved Hide resolved
core/Network/TLS/Handshake/Random.hs Show resolved Hide resolved
@kazu-yamamoto
Copy link
Collaborator Author

It would be even more impressive to see an actual MITM implemented with something like hookRecvHandshake(13), changing not only the server version but also trying to manipulate the server random.

To implement this, ExtensionRaw and the data constructors of Handshake must be exported.

ocheron
ocheron approved these changes Nov 19, 2018
View reviewed changes
Copy link
Contributor

@ocheron ocheron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK for merge.

kazu-yamamoto added a commit to kazu-yamamoto/hs-tls that referenced this pull request Nov 19, 2018
@kazu-yamamoto
Merge PR haskell-tls#308.
4fea988
@kazu-yamamoto kazu-yamamoto merged commit 6e8394d into haskell-tls:master Nov 19, 2018
@kazu-yamamoto
Copy link
Collaborator Author

Rebased, pushed -f to put the merge mark and merged.
Thank you for your review!

@kazu-yamamoto kazu-yamamoto deleted the downgrade-protection branch November 19, 2018 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocheron ocheron ocheron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kazu-yamamoto @ocheron