Bug 1949621
| Summary: | In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-9] | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Hubert Kario <hkario> | |
| Component: | openssl | Assignee: | Dmitry Belyavskiy <dbelyavs> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Hubert Kario <hkario> | |
| Severity: | low | Docs Contact: | ||
| Priority: | low | |||
| Version: | 9.0 | CC: | bstinson, carl, dbelyavs, jwboyer, sahana | |
| Target Milestone: | beta | Keywords: | Triaged | |
| Target Release: | 9.0 Beta | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | No Doc Update | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1965362 (view as bug list) | Environment: | ||
| Last Closed: | 2021-12-07 21:24:13 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1965362 | |||
Description of problem: When client omits ec_point_formats extension in 2nd ClientHello, during renegotiation, the server still sends in the Server Hello. This is violation of requirements from Section 7.4.1.4 of RFC 5246. Version-Release number of selected component (if applicable): openssl-1.1.1g-15.el8_3.x86_64 How reproducible: always Steps to Reproduce: 1. openssl req -x509 -newkey rsa -keyout /tmp/localhost.key -out /tmp/localhost.crt -subj /CN=localhost -nodes -batch 2. openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www 2>server.err >server.out & 3. PYTHONPATH=. python scripts/test-renegotiation-changed-clienthello.py -d Actual results: drop ec_point_formats in renegotiation ... Error encountered while processing node ExpectServerHello(description='second handshake') (child: <tlsfuzzer.expect.ExpectCertificate object at 0x7f63619a1ac8>) with last message being: <tlslite.messages.Message object at 0x7f63616f5fd0> Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-renegotiation-changed-clienthello.py", line 408, in main runner.run() File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/runner.py", line 239, in run node.process(self.state, msg) File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/expect.py", line 743, in process self._process_extensions(state, cln_hello, srv_hello) File "/tmp/tmp.bHh2uLYuSt/tlsfuzzer/tlsfuzzer/expect.py", line 630, in _process_extensions .toStr(ext_id))) AssertionError: Server sent unadvertised extension of type ec_point_formats Expected results: drop ec_point_formats in renegotiation ... OK Additional info: