Bug 1656435
| Summary: | Connections using TLS 1.3 and PSK fail for keys larger than 512 bits | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jakob Hirsch <jh.redhat-2018> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 29 | CC: | jorton, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-03-15 14:45:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: TLS 1.3 was introduced with OpenSSL 1.1.1 and is used by default if the application Version-Release number of selected component (if applicable): openssl-1.1.1-3.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Start server with a key longer than 512 bits (here: 130 nibbles => 65 bytes => 520 bits) openssl s_server -accept 4433 -nocert -psk $(printf '%.sa' {1..130}) 2. Try to connect openssl s_client -connect :4433 -psk $(printf '%.sa' {1..130}) 3. Actual results: Server side: Using default temp DH parameters ACCEPT ERROR 140164733306688:error:140940F4:SSL routines:ssl3_read_bytes:unexpected message:ssl/record/rec_layer_s3.c:1461: shutting down SSL CONNECTION CLOSED Client side: CONNECTED(00000004) 139953634740032:error:142120DB:SSL routines:tls_construct_ctos_early_data:bad psk:ssl/statem/extensions_clnt.c:752: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 7 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Expected results: A successfull connection. Additional info: The connection can be successfully established by simply reducing the PSK size to 128 hex chars (i.e. 512 bits). It also works by disabling TLS 1.3 (-no_tls1_3 or -tls1_2) on the client side. It also works with OpenSSL 1.1.1a (tried on an Arch Linux machine, sorry), so it's probably already fixed upstream, I could not find a matching issue there, though.