Bug 1410861

Summary: NSS server does not comply with the RFC 7919
Product: Red Hat Enterprise Linux 6
Reporter: Hubert Kario <hkario>
Component: nss
Assignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Priority: unspecified
Version: 6.8
CC: kengert
Target Milestone: pre-dev-freeze
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-08-31 14:01:08 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Hubert Kario 2017-01-06 16:07:13 UTC
Description of problem:
The NSS server does not comply with the RFC 7919 MUST requirement in Section 4.

Version-Release number of selected component (if applicable):
nss-3.27.1-12.el6.x86_64

How reproducible:
always

Steps to Reproduce:
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git checkout ffdhe # won't be necessary in future
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
pushd .tlslite-ng
git checkout ffdhe # won't be necessary in future
popd
ln -s .tlslite-ng/tlslite tlslite
popd
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost
openssl pkcs12 -export -passout pass:  -out localhost.p12 -inkey localhost.key -in localhost.crt
mkdir nssdb
certutil -N -d sql:nssdb --empty-password
pk12util -i localhost.p12 -d sql:nssdb -W ''
./selfserv -d sql:./nssdb -p 4433 -V tls1.0: -H 1 -n localhost
# in another terminal, same directory
PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-ffdhe-negotiation.py 'no overlap between groups'
Actual results:
no overlap between groups ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x1e18b90> (child: <tlsfuzzer.expect.ExpectClose object at 0x1e18bd0>) with last message being: <tlslite.messages.Message object at 0x1e1c350>
Error while processing
Traceback (most recent call last):
  File "tlsfuzzer/scripts/test-ffdhe-negotiation.py", line 295, in main
    runner.run()
  File "/tmp/tmp.y0pmCSjuzr/tlsfuzzer/tlsfuzzer/runner.py", line 168, in run
    node.process(self.state, msg)
  File "/tmp/tmp.y0pmCSjuzr/tlsfuzzer/tlsfuzzer/expect.py", line 542, in process
    raise AssertionError(problem_desc)
AssertionError: Alert description 40 != 71
Expected results:
no overlap between groups ...
OK

Additional info:
RFC 7919 MUST requirement in Section 4:

   If the extension is present
   with FFDHE groups, none of the client's offered groups are acceptable
   by the server, and none of the client's proposed non-FFDHE cipher
   suites are acceptable to the server, the server MUST end the
   connection with a fatal TLS alert of type insufficient_security(71).

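As an added illustration (not code from NSS, tlsfuzzer or the reporter), the following Python models the server-side decision RFC 7919 Section 4 describes and shows why the "no overlap between groups" case must end in insufficient_security(71) rather than the handshake_failure(40) seen in the trace above. The MUST branch follows the text quoted in the report; the surrounding rules (FFDHE codepoints occupy 256..511, an FFDHE suite may only be chosen with a client-offered group, a compliant client is offered a non-FFDHE fallback first, and a client that sends no FFDHE groups is treated as pre-RFC 7919) are my reading of the rest of that section. Cipher-suite and group values are constructed sample data, and ECDHE group negotiation is deliberately left out.

```python
# Added illustration (not NSS or tlsfuzzer code): a model of the RFC 7919
# Section 4 server-side decision, including the MUST quoted in the report.
from dataclasses import dataclass
from typing import Optional, Sequence

# TLS alert descriptions (RFC 5246, Section 7.2)
HANDSHAKE_FAILURE = 40
INSUFFICIENT_SECURITY = 71

# Named-group codepoints from RFC 7919; the whole range 256..511 is reserved
# for FFDHE groups, so an unknown value in that range still counts as FFDHE.
FFDHE2048, FFDHE3072, FFDHE4096 = 256, 257, 258
FFDHE_RANGE = range(256, 512)


def is_ffdhe_suite(suite: str) -> bool:
    """Non-anonymous finite-field DHE suites; ECDHE suites start with TLS_ECDHE_."""
    return suite.startswith("TLS_DHE_")


@dataclass
class Decision:
    cipher_suite: Optional[str] = None  # suite to continue the handshake with
    group: Optional[int] = None         # FFDHE group to use, if an FFDHE suite
    alert: Optional[int] = None         # fatal alert description, if aborting


def negotiate(client_suites: Sequence[str],
              client_groups: Optional[Sequence[int]],
              server_suites: Sequence[str],
              server_groups: Sequence[int]) -> Decision:
    """Pick a suite (and FFDHE group) or the alert a compliant server must send.

    client_groups is None when the supported_groups extension is absent.
    Simplification (assumption): suites are taken in client preference order
    and ECDHE group negotiation is ignored, so a common non-FFDHE suite counts
    as acceptable on its own.
    """
    offered_ffdhe = [g for g in (client_groups or []) if g in FFDHE_RANGE]
    acceptable_groups = [g for g in offered_ffdhe if g in server_groups]
    common_suites = [s for s in client_suites if s in server_suites]

    if offered_ffdhe:
        # The client is RFC 7919 aware. An FFDHE suite may only be chosen with
        # one of the groups it offered; otherwise fall back to a non-FFDHE suite.
        for suite in common_suites:
            if not is_ffdhe_suite(suite):
                return Decision(cipher_suite=suite)
            if acceptable_groups:
                return Decision(cipher_suite=suite, group=acceptable_groups[0])
        if not acceptable_groups:
            # The MUST quoted in the report: no usable group and no usable
            # non-FFDHE suite -> insufficient_security(71), not handshake_failure(40).
            return Decision(alert=INSUFFICIENT_SECURITY)
        return Decision(alert=HANDSHAKE_FAILURE)

    # No FFDHE groups offered: the client predates RFC 7919, so the server may
    # still pick an FFDHE suite with DH parameters of its own choice (modelled
    # here as its first configured group).
    if common_suites:
        suite = common_suites[0]
        group = server_groups[0] if is_ffdhe_suite(suite) and server_groups else None
        return Decision(cipher_suite=suite, group=group)
    return Decision(alert=HANDSHAKE_FAILURE)


def no_overlap_scenario() -> Decision:
    """The report's 'no overlap between groups' case with constructed values:
    the client offers only a DHE suite and an FFDHE group the server lacks."""
    return negotiate(
        client_suites=["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"],
        client_groups=[FFDHE4096],
        server_suites=["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
                       "TLS_RSA_WITH_AES_128_GCM_SHA256"],
        server_groups=[FFDHE2048],
    )


if __name__ == "__main__":
    print(no_overlap_scenario())  # alert=71 is the compliant answer
```

The distinction matters for interoperability testing: a client that sees handshake_failure(40) cannot tell a group mismatch from any other suite mismatch, which is exactly what the tlsfuzzer check above is asserting on.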
Comment 2 Kai Engert (:kaie) (inactive account) 2017-01-11 15:43:41 UTC
If you find deficiencies in NSS that aren't specific to our packaging, please always report an upstream bug.